Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4360 | GEN003220 | SV-64337r1_rule | ECCD-1 ECCD-2 | Low |
Description |
---|
The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 700 or less permissive. Although umask is often represented as a 4-digit octal number, the first digit representing special access modes is typically ignored or required to be 0. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-03-26 |
Check Text ( C-52743r3_chk ) |
---|
Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask more permissive than 077: Procedure: `# ls -lL /var/spool/cron` `# ls -lL /etc/cron.d /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly` or `# ls -lL /etc/cron.*|grep -v deny` `# cat` `# grep umask` If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask more permissive than 077, this is a finding. Note: If a cron program sets the umask to 000 or does not restrict the world-writable permission, this becomes a CAT I finding. |
Fix Text (F-54923r1_fix) |
---|
Edit cron script files and modify the umask to 077. |
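
The check above can be scripted. The following is an added example, not part of the STIG: it classifies numeric umask statements found in cron scripts against the 077 requirement and the CAT I condition. The function names and the sample scripts are constructed for illustration. Symbolic umasks are reported as `review`, and programs referenced from user crontabs still have to be located by hand.

```shell
#!/bin/sh
# Added example: classify umask statements found in cron scripts against the
# 077 requirement. Numeric umasks only (assumption); others need manual review.

# classify_umask VALUE -> prints ok | finding | cat1 | review
classify_umask() {
    case "$1" in
        ''|*[!0-7]*) echo review; return 0 ;;  # symbolic or malformed value
    esac
    m=$(( 0$1 & 0777 ))        # leading 0 forces octal; special-mode digit dropped
    if [ $(( (m & 077) == 077 )) -eq 1 ]; then
        echo ok                # every group/other bit is masked
    elif [ $(( m & 002 )) -eq 0 ]; then
        echo cat1              # world-writable not restricted (covers 000)
    else
        echo finding           # more permissive than 077
    fi
}

# scan_cron_umask PATH... -> one "status file:line:text" row per umask statement
scan_cron_umask() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        # Find umask statements, drop comment lines, then classify each value.
        grep -rHnE '(^|[;&|[:space:]])umask[[:space:]]+[^[:space:]#;]+' "$p" 2>/dev/null |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' |
        while IFS= read -r hit; do
            val=$(printf '%s\n' "$hit" |
                  sed -E 's/^.*umask[[:space:]]+([^[:space:]#;]+).*$/\1/')
            printf '%s %s\n' "$(classify_umask "$val")" "$hit"
        done
    done
}

# demo: run the scan over three constructed cron scripts in a temp directory
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\numask 077\nlogrotate /etc/logrotate.conf\n' > "$d/good"
    printf '#!/bin/sh\numask 022\ntar cf /tmp/b.tar /etc\n' > "$d/loose"
    printf '#!/bin/sh\ncd /srv && umask 000\n' > "$d/open"
    scan_cron_umask "$d"
    rm -rf "$d"
}

# No arguments: run the constructed demo. Otherwise scan the given paths,
# e.g. /etc/cron.d /etc/cron.daily /etc/cron.hourly (from the check text).
if [ "$#" -eq 0 ]; then demo; else scan_cron_umask "$@"; fi
```

A script with no umask statement produces no row; it inherits the umask of the cron daemon and is outside what this scan reports.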