An error occurred:

Check: GEN005040

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN005040 (in versions v1 r14 through v1 r10)

Title

All FTP users must have a default umask of 077. (Cat II impact)

Discussion

The umask controls the default access mode assigned to newly created files. An umask of 077 limits new files to mode 700 or less permissive. Although umask is stored as a 4-digit number, the first digit representing special access modes is typically ignored or required to be zero (0).

Check Content

Check the umask setting for the "ftp" user. Procedure: # lsuser -a umask ftp If the umask value does not return 077 or 77, this is a finding. Check the default umask that the ftpd daemon is running with # grep ftpd /etc/inetd.conf If there is not a -u077 argument on the ftpd, this is a finding.

Fix Text

Add the arguments -u077 to the ftpd on the /etc/inetd.conf and refresh inetd. #vi /etc/inetd.conf #refresh -s inetd Change the umask of the ftp user. #chuser umask=077 ftp

Additional Identifiers

Rule ID: SV-38813r1_rule

Vulnerability ID: V-12011

Group Title: GEN005040

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000225

The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-6

Least Privilege