Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38642 | RHEL-06-000346 | SV-50443r1_rule | | Low |
Description |
---|
The umask influences the permissions assigned to files created by a process at run time. An unnecessarily permissive umask could result in files being created with insecure permissions. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2018-11-28 |
Check Text (C-46203r1_chk) |
---|
To check the value of the "umask", run the following command: `$ grep umask /etc/init.d/functions` The output should show either "022" or "027". If it does not, this is a finding. |
Fix Text (F-43592r1_fix) |
---|
The file "/etc/init.d/functions" includes initialization parameters for most or all daemons started at boot time. The default umask of 022 prevents creation of group- or world-writable files. To set the default umask for daemons, edit the following line, inserting 022 or 027 for [UMASK] as appropriate: `umask [UMASK]` Setting the umask too restrictively can cause serious errors at runtime. Many daemons on the system already individually restrict themselves to a umask of 077 in their own init scripts. |
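
The check above, as an added shell example (not part of the STIG text): a plain `grep umask` also prints commented-out lines, so this version evaluates only active `umask` lines and reports a finding unless each one is 022 or 027. The function names, the acceptance of the four-digit spellings 0022 and 0027, and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the daemon umask in an init functions file.

# Print the argument of every active (non-comment) "umask" line in FILE.
daemon_umask_values() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/^[[:space:]]*umask[[:space:]]\{1,\}\([^[:space:]#;]\{1,\}\).*$/\1/p' "$1"
}

# Return 0 if compliant, 1 if a finding, 2 if FILE cannot be read.
check_daemon_umask() {
    file=${1:-/etc/init.d/functions}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    values=$(daemon_umask_values "$file")
    # Nothing active sets the mask, so the expected value is not shown.
    [ -n "$values" ] || { echo "FINDING: no active umask line in $file"; return 1; }
    result=0
    while IFS= read -r v; do
        case $v in
            # 0022/0027 are the same masks written with four digits
            # (accepting them is an assumption of this example).
            022|027|0022|0027) echo "ok: umask $v" ;;
            *) echo "FINDING: umask $v in $file"; result=1 ;;
        esac
    done <<EOF
$values
EOF
    return $result
}

# Constructed sample input, not a copy of any real system file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# umask 022 would be matched by a plain grep, but this line is a comment
umask 002
EOF
check_daemon_umask "$sample" || echo "result: finding"
rm -f "$sample"
```

Called with no argument, `check_daemon_umask` reads `/etc/init.d/functions`; the exit status distinguishes a compliant file (0), a finding (1) and an unreadable file (2).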