UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Cron programs must not set the umask to a value less restrictive than 077.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4360 GEN003220 SV-45633r1_rule Low
Description
The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 700 or less permissive. Although umask is often represented as a 4-digit octal number, the first digit representing special access modes is typically ignored or required to be 0.
STIG Date
SUSE Linux Enterprise Server v11 for System z 2016-12-20

Details

Check Text ( C-42999r1_chk )
Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask more permissive than 077:

Procedure:

# ls -lL /var/spool/cron /var/spool/cron/tabs


# ls -lL /etc/crontab /etc/cron.{d,daily,hourly,monthly,weekly}
or
# ls -lL /etc/cron.*|grep -v deny

# cat
# grep umask

If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask more permissive than 077, this is a finding.
Fix Text (F-39031r1_fix)
Edit cron script files and modify the umask to 077.