STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 6 Security Technical Implementation Guide Version: 1 Release: 24 Benchmark Date: 25 Oct 2019: The system default umask in /etc/login.defs must be 077.

DISA Rule

SV-50446r1_rule

Vulnerability Number

V-38645

Group Title

SRG-OS-999999

Rule Version

RHEL-06-000345

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

To ensure the default umask controlled by "/etc/login.defs" is set properly, add or correct the "umask" setting in "/etc/login.defs" to read as follows:

UMASK 077

Check Contents

Verify the "umask" setting is configured correctly in the "/etc/login.defs" file by running the following command:

# grep -i "umask" /etc/login.defs

All output must show the value of "umask" set to 077, as shown in the below:

# grep -i "umask" /etc/login.defs
UMASK 077


If the above command returns no output, or if the umask is configured incorrectly, this is a finding.

Vulnerability Number

V-38645

Documentable

False

Rule Version

RHEL-06-000345

Severity Override Guidance

Verify the "umask" setting is configured correctly in the "/etc/login.defs" file by running the following command:

# grep -i "umask" /etc/login.defs

All output must show the value of "umask" set to 077, as shown in the below:

# grep -i "umask" /etc/login.defs
UMASK 077


If the above command returns no output, or if the umask is configured incorrectly, this is a finding.

Check Content Reference

M

Target Key

2367

Comments