AIX must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-215431r991590_rule
Severity: Medium
References: CCI-000366
Updated: 17 days ago

Add the following line to "/etc/security/.profile":
umask 077

Run the following command to set "umask=077" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a umask=077

AIX must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

Description

Remediation - Manual Procedure