Ensure the Default Umask is Set Correctly in login.defs

An XCCDF Rule

Description

To ensure the default umask controlled by /etc/login.defs is set properly, add or correct the UMASK setting in /etc/login.defs to read as follows:

UMASK

Rationale

The umask value influences the permissions assigned to files when they are created. A misconfigured umask value could result in files with excessive permissions that can be read and written to by unauthorized users.

ID: xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs
Severity: Medium
References: BP28(R35)

11 18 3 9

APO13.01 BAI03.01 BAI03.02 BAI03.03 BAI10.01 BAI10.02 BAI10.03 BAI10.05

CCI-000366

4.3.4.3.2 4.3.4.3.3

SR 7.6

A.12.1.2 A.12.5.1 A.12.6.2 A.14.1.1 A.14.2.1 A.14.2.2 A.14.2.3 A.14.2.4 A.14.2.5 A.6.1.5

CIP-003-8 R5.1.1 CIP-003-8 R5.3 CIP-004-6 R2.3 CIP-007-3 R2.1 CIP-007-3 R2.2 CIP-007-3 R2.3 CIP-007-3 R5.1 CIP-007-3 R5.1.1 CIP-007-3 R5.1.2

AC-6(1) CM-6(a)

PR.IP-1 PR.IP-2

SRG-OS-000480-GPOS-00228
Updated: over 1 year ago