CCE-92134-6Platform: Amazon Linux | Date: (C)2018-10-29 (M)2022-10-10 |
Disable Odd Job Daemon (oddjobd)
The 'oddjobd' service exists to provide an interface and
access control mechanism through which
specified privileged tasks can run tasks for unprivileged client
applications. Communication with 'oddjobd' through the system message bus.
The 'oddjobd' service can be disabled with the following command:
'$ sudo systemctl disable oddjobd'
Parameter:
Technical Mechanism:
The 'oddjobd' service may provide necessary functionality in
some environments, and can be disabled if it is not needed. Execution of
tasks by privileged programs, on behalf of unprivileged ones, has traditionally
been a source of privilege escalation security issues.
Fix:
#
# Disable oddjobd.service for all systemd targets
#
systemctl disable oddjobd.service
#
# Stop oddjobd.service if currently running
#
systemctl stop oddjobd.service
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48321 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48800 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48321 |