Skip to content

The default umask for system and users must be 077.

An XCCDF Rule

Description

<VulnDiscussion>Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-216341r603267_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

The root role is required.

Edit local and global initialization files containing "umask" and change them to use 077.

# pfedit /etc/default/login