STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system default umask for the bash shell must be 077.

DISA Rule

SV-209044r603263_rule

Vulnerability Number

V-209044

Group Title

SRG-OS-000480

Rule Version

OL6-00-000342

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

To ensure the default umask for users of the Bash shell is set properly, add or correct the "umask" setting in "/etc/bashrc" to read as follows:

umask 077

Check Contents

Verify the "umask" setting is configured correctly in the "/etc/bashrc" file by running the following command:

# grep "umask" /etc/bashrc

All output must show the value of "umask" set to 077, as shown below:

# grep "umask" /etc/bashrc
umask 077
umask 077

If the above command returns no output, or if the umask is configured incorrectly, this is a finding.

Vulnerability Number

V-209044

Documentable

False

Rule Version

OL6-00-000342

Severity Override Guidance

Verify the "umask" setting is configured correctly in the "/etc/bashrc" file by running the following command:

# grep "umask" /etc/bashrc

All output must show the value of "umask" set to 077, as shown below:

# grep "umask" /etc/bashrc
umask 077
umask 077

If the above command returns no output, or if the umask is configured incorrectly, this is a finding.

Check Content Reference

M

Target Key

2928

Comments