STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The system default umask in /etc/login.defs must be 077.

DISA Rule

SV-209047r603263_rule

Vulnerability Number

V-209047

Group Title

SRG-OS-000480

Rule Version

OL6-00-000345

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

To ensure the default umask controlled by "/etc/login.defs" is set properly, add or correct the "umask" setting in "/etc/login.defs" to read as follows:

UMASK 077

Check Contents

Verify the "umask" setting is configured correctly in the "/etc/login.defs" file by running the following command:

# grep -i "umask" /etc/login.defs

All output must show the value of "umask" set to 077, as shown in the below:

# grep -i "umask" /etc/login.defs
UMASK 077

If the above command returns no output, or if the umask is configured incorrectly, this is a finding.

Vulnerability Number

V-209047

Documentable

False

Rule Version

OL6-00-000345

Severity Override Guidance

Verify the "umask" setting is configured correctly in the "/etc/login.defs" file by running the following command:

# grep -i "umask" /etc/login.defs

All output must show the value of "umask" set to 077, as shown in the below:

# grep -i "umask" /etc/login.defs
UMASK 077

If the above command returns no output, or if the umask is configured incorrectly, this is a finding.

Check Content Reference

M

Target Key

2928

Comments