STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

The system default umask for daemons must be 027 or 022.

DISA Rule

SV-209048r603263_rule

Vulnerability Number

V-209048

Group Title

SRG-OS-000480

Rule Version

OL6-00-000346

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The file "/etc/init.d/functions" includes initialization parameters for most or all daemons started at boot time. The default umask of 022 prevents creation of group- or world-writable files. To set the default umask for daemons, edit the following line, inserting 022 or 027 for [UMASK] appropriately:

umask [UMASK]

Setting the umask to too restrictive a setting can cause serious errors at runtime. Many daemons on the system already individually restrict themselves to a umask of 077 in their own init scripts.

Check Contents

To check the value of the "umask", run the following command:

$ grep umask /etc/init.d/functions

The output should show either "022" or "027".
If it does not, this is a finding.
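
A stricter form of the check above, as an added example that is not part of the STIG text: a plain grep also matches commented-out lines, so this function evaluates only the last active "umask" line. The function name, the sample file contents, and the acceptance of a leading zero (0022/0027) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the STIG): audit the daemon umask in an init
# functions file. Prints the effective value; returns 0 when compliant.

check_daemon_umask() {
    file=${1:-/etc/init.d/functions}
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }

    # Strip comments, then keep the LAST active "umask NNN" line, since a
    # later umask call overrides an earlier one when the file is sourced.
    value=$(sed -e 's/#.*//' "$file" |
        awk '$1 == "umask" && $2 ~ /^[0-7]+$/ { v = $2 } END { print v }')

    if [ -z "$value" ]; then
        echo "no active umask line in $file" >&2
        return 1
    fi
    echo "$value"

    # Assumption: a leading zero (0022/0027) is treated as equivalent.
    case "$value" in
        022|027|0022|0027) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample standing in for /etc/init.d/functions.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# umask 077 is too strict for some daemons
PATH="/sbin:/usr/sbin:/bin:/usr/bin"
umask 022   # default for daemons
EOF

if v=$(check_daemon_umask "$sample"); then
    echo "PASS: daemon umask is $v"
else
    echo "FINDING: daemon umask is ${v:-unset}"
fi
rm -f "$sample"
```

Run with no argument inside a function call to audit /etc/init.d/functions itself; an exit status of 1 corresponds to a finding and 2 to an unreadable file.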

Documentable

False

Severity Override Guidance

To check the value of the "umask", run the following command:

$ grep umask /etc/init.d/functions

The output should show either "022" or "027".
If it does not, this is a finding.

Check Content Reference

M

Target Key

2928