The default umask for system and users must be 077.

An XCCDF Rule

Description

Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions.

ID: SV-216106r959010_rule
Version: SOL-11.1-040250
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

The root role is required.

Edit local and global initialization files containing "umask" and change them to use 077.

# pfedit /etc/default/login
Insert the line
UMASK=077

# pfedit [user initialization file]

Insert the line
umask 077