The AIX /var/spool/cron/atjobs directory must have a mode of 0640 or less permissive. (Cat II impact)
Incorrect permissions of the /var/spool/cron/atjobs directory could permit unauthorized users the ability to alter atjobs and run automated jobs as privileged users. Failure to set proper permissions of the /var/spool/cron/atjobs directory provides unauthorized users with the potential to access sensitive information or change the system configuration which could weaken the system's security posture.
Check the mode of the /var/spool/cron/atjobs directory using command: # ls -ld /var/spool/cron/atjobs drw-r----- 1 daemon daemon 993 Mar 11 07:04 /var/spool/cron/atjobs If the directory has a mode more permissive than "0640", this is a finding.
Change the mode of the /var/spool/cron/atjobs directory: # chmod 640 /var/spool/cron/atjobs
Rule ID: SV-245568r755145_rule
Vulnerability ID: V-245568
Group Title: SRG-OS-000480-GPOS-00227
The organization implements the security configuration settings.