Check: PHTN-67-000122
VMware vSphere 6.7 Photon OS STIG: PHTN-67-000122 (in versions v1 r6 through v1 r1)
Title
The Photon operating system must set the UMASK parameter correctly. (Cat II impact)
Discussion
The umask value influences the permissions assigned to files when they are created. The umask setting in login.defs controls the permissions for a new user's home directory. By setting the proper umask, home directories will only allow the new user to read and write files there.

Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00230
Check Content
At the command line, execute the following command:

# grep UMASK /etc/login.defs

Expected result:

UMASK 077

If the output does not match the expected result, this is a finding.
Fix Text
Open /etc/login.defs with a text editor. Ensure that the "UMASK" line is uncommented and set to the following:

UMASK 077
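
The grep in the check also prints commented-out lines and any duplicate entries, which a reviewer has to discount by eye. The following script is an added example, not part of the STIG: it evaluates only active UMASK lines and treats any value other than 077 as a finding. The function names active_umask_values and check_umask are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit UMASK in a login.defs-style file.
# Function names are hypothetical helpers, not part of the STIG.

# Print the value of every active (uncommented) UMASK line, one per line.
active_umask_values() {
    # Only lines whose first field is exactly UMASK count, so "#UMASK 077"
    # and "# UMASK 077" are skipped. A bare "UMASK" is reported as (empty).
    awk '$1 == "UMASK" { print (NF > 1 ? $2 : "(empty)") }' "$1"
}

# Return 0 when the file meets the check, 1 when it is a finding.
check_umask() {
    file=$1
    [ -r "$file" ] || { echo "finding: cannot read $file"; return 1; }
    values=$(active_umask_values "$file")
    if [ -z "$values" ]; then
        echo "finding: no uncommented UMASK line in $file"
        return 1
    fi
    # Strict match against the expected result; duplicates must all agree.
    bad=$(printf '%s\n' "$values" | grep -vx '077' || true)
    if [ -n "$bad" ]; then
        echo "finding: UMASK set to $(printf '%s' "$bad" | tr '\n' ' ') in $file"
        return 1
    fi
    echo "ok: UMASK 077 in $file"
}

# Constructed sample: grep UMASK prints both lines, but only the second is active.
sample=$(mktemp)
printf '# UMASK 077\nUMASK 022\n' > "$sample"
check_umask "$sample" || true
rm -f "$sample"
```

On a Photon OS host, call check_umask /etc/login.defs and use the exit status in the audit job.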
Additional Identifiers
Rule ID: SV-239193r675387_rule
Vulnerability ID: V-239193
Group Title: SRG-OS-000480-GPOS-00228
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |