Nutanix AOS must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254195 | NUTX-OS-001080 | SV-254195r846673_rule | Low |
| Description |
|---|
| Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access. |
| STIG | Date |
|---|---|
| Nutanix AOS 5.20.x OS Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-57680r846671_chk ) |
|---|
| Confirm Nutanix AOS defines default permissions for all authenticated users in such a way that the user can only read and modify their own files. $ sudo grep -i umask /etc/login.defs UMASK 077 If the value for the "UMASK" parameter is not "077", or the "UMASK" parameter is missing or is commented out, this is a finding. |
| Fix Text (F-57631r846672_fix) |
|---|
| Configure Nutanix AOS default permissions UMASK to 077 by running the following command. salt-call state.sls security/CVM/shellCVM |