Check: RHEL-06-000343
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000343
(in versions v2 r2 through v1 r14)
Title
The system default umask for the csh shell must be 077. (Cat III impact)
Discussion
The umask value influences the permissions assigned to files when they are created. A misconfigured umask value could result in files with excessive permissions that can be read and/or written to by unauthorized users.
Check Content
Verify the "umask" setting is configured correctly in the "/etc/csh.cshrc" file by running the following command: # grep "umask" /etc/csh.cshrc All output must show the value of "umask" set to 077, as shown in the below: # grep "umask" /etc/csh.cshrc umask 077 If the above command returns no output, or if the umask is configured incorrectly, this is a finding.
Fix Text
To ensure the default umask for users of the C shell is set properly, add or correct the "umask" setting in "/etc/csh.cshrc" to read as follows: umask 077
Additional Identifiers
Rule ID: SV-218074r603264_rule
Vulnerability ID: V-218074
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |