UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

"At" jobs must not set the umask to a value less restrictive than 077.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4366 GEN003440 SV-37531r1_rule ECCD-1 ECCD-2 Medium
Description
The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 700 or less permissive. Although umask is often represented as a 4-digit number, the first digit representing special access modes is typically ignored or required to be 0.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2012-05-25

Details

Check Text ( C-36190r1_chk )
Determine what "at" jobs exist on the system.
Procedure:
# ls /var/spool/at

If there are no "at" jobs present, this is not applicable.

Determine if any of the "at" jobs or any scripts referenced execute the "umask" command. Check for any umask setting more permissive than 077.

# grep umask

If any "at" job or referenced script sets umask to a value more permissive than 077, this is a finding.
Fix Text (F-31445r1_fix)
Edit "at" jobs or referenced scripts to remove "umask" commands that set umask to a value less restrictive than 077.