Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4360 | GEN003220 | SV-27364r1_rule | ECCD-1 ECCD-2 | Low |
Description |
---|
The umask controls the default access mode assigned to newly created files. An umask of 077 limits new files to mode 700 or less permissive. Although umask is often represented as a 4-digit octal number, the first digit representing special access modes is typically ignored or required to be 0. |
STIG | Date |
---|---|
Solaris 10 SPARC Security Technical Implementation Guide | 2018-12-17 |
Check Text ( C-28508r1_chk ) |
---|
Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask. # ls -lL /var/spool/cron/crontabs # cat # grep umask If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding. |
Fix Text (F-4271r2_fix) |
---|
Edit cron script files and modify the umask to 077. |