Navigate

Check: GEN003220

VMware ESX 3 Server: GEN003220 (in version v1 r2)

Title

Cron programs must not set the umask to a value less restrictive than 077. (Cat III impact)

Discussion

The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to a mode of 700 or less permissive. Although umask is often represented as a 4-digit octal number, the first digit representing special access modes is typically ignored or required to be 0.

Check Content

Check programs run from cron for umask settings. If any specify a umask more permissive than 077, this is a finding.

Fix Text

Edit cron script files and modify the umask to 077.

Additional Identifiers

Rule ID: SV-4360r2_rule

Vulnerability ID: V-4360

Group Title: GEN003220

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000225	The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-6	Least Privilege