Check: OL6-00-000343
Oracle Linux 6 STIG:
OL6-00-000343
(in versions v2 r7 through v1 r9)
Title
The system default umask for the csh shell must be 077. (Cat III impact)
Discussion
The umask value influences the permissions assigned to files when they are created. A misconfigured umask value could result in files with excessive permissions that can be read and/or written to by unauthorized users.
Check Content
Verify the "umask" setting is configured correctly in the "/etc/csh.cshrc" file by running the following command: # grep "umask" /etc/csh.cshrc All output must show the value of "umask" set to 077, as shown in the below: # grep "umask" /etc/csh.cshrc umask 077 If the above command returns no output, or if the umask is configured incorrectly, this is a finding.
Fix Text
To ensure the default umask for users of the C shell is set properly, add or correct the "umask" setting in "/etc/csh.cshrc" to read as follows: umask 077
Additional Identifiers
Rule ID: SV-209045r793766_rule
Vulnerability ID: V-209045
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |