STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Cron programs must not set the umask to a value less restrictive than 077.

DISA Rule

SV-226631r603265_rule

Vulnerability Number

V-226631

Group Title

SRG-OS-000312

Rule Version

GEN003220

Severity

CAT III

CCI(s)

• CCI-002165 - The information system enforces organization-defined discretionary access control policies over defined subjects and objects.

Weight

10

Fix Recommendation

Edit cron script files and modify the umask to 077.

Check Contents

Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask.

# ls -lL /var/spool/cron/crontabs
# cat <crontab file>
# grep umask <cron program>

If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding.

Severity Override Guidance:
If a cron program sets the umask to 000 or does not restrict the world-writable permission, this becomes a CAT I finding.

Vulnerability Number

V-226631

Documentable

False

Rule Version

GEN003220

Severity Override Guidance

Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask.

# ls -lL /var/spool/cron/crontabs
# cat <crontab file>
# grep umask <cron program>

If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding.

Severity Override Guidance:
If a cron program sets the umask to 000 or does not restrict the world-writable permission, this becomes a CAT I finding.

Check Content Reference

M

Target Key

4060

Comments