STIGQter: STIG Summary: Solaris 11 X86 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The default umask for system and users must be 077.

DISA Rule

SV-216106r603268_rule

Vulnerability Number

V-216106

Group Title

SRG-OS-000480

Rule Version

SOL-11.1-040250

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

The root role is required.

Edit local and global initialization files containing "umask" and change them to use 077.

# pfedit /etc/default/login

Insert the line
UMASK=077

# pfedit [user initialization file]

Insert the line
umask 077

Check Contents

The root role is required.

Determine if the default umask is configured properly.

# grep -i "^UMASK=" /etc/default/login

If "UMASK=077" is not displayed, this is a finding.

Check local initialization files:
# cut -d: -f1 /etc/passwd | xargs -n1 -iUSER sh -c "grep umask ~USER/.*"

If this command does not output a line indicating "umask 077" for each user, this is a finding.

Vulnerability Number

V-216106

Documentable

False

Rule Version

SOL-11.1-040250

Severity Override Guidance

The root role is required.

Determine if the default umask is configured properly.

# grep -i "^UMASK=" /etc/default/login

If "UMASK=077" is not displayed, this is a finding.

Check local initialization files:
# cut -d: -f1 /etc/passwd | xargs -n1 -iUSER sh -c "grep umask ~USER/.*"

If this command does not output a line indicating "umask 077" for each user, this is a finding.

Check Content Reference

M

Target Key

4021

Comments