Ensure the Default Umask is Set Correctly in login.defs
An XCCDF Rule
Description
To ensure the default umask controlled by /etc/login.defs
is set properly,
add or correct the UMASK
setting in /etc/login.defs
to read as follows:
UMASK
Rationale
The umask value influences the permissions assigned to files when they are created. A misconfigured umask value could result in files with excessive permissions that can be read and written to by unauthorized users.
- ID
- xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- DISA-STIG-RHEL-09-412065
- NIST-800-53-AC-6(1)
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q shadow-utils; then
var_accounts_user_umask='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_accounts_user_umask" use="legacy"/>'