STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 1 Release: 26 Benchmark Date: 24 Jan 2020: Cron programs must not set the umask to a value less restrictive than 077.

DISA Rule

SV-27364r1_rule

Vulnerability Number

V-4360

Group Title

GEN003220

Rule Version

GEN003220

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Edit cron script files and modify the umask to 077.

Check Contents

Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask.

# ls -lL /var/spool/cron/crontabs
# cat <crontab file>
# grep umask <cron program>

If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding.

Vulnerability Number

V-4360

Documentable

True

Rule Version

GEN003220

Severity Override Guidance

Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask.

# ls -lL /var/spool/cron/crontabs
# cat <crontab file>
# grep umask <cron program>

If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

25

Comments