STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system and user default umask must be 077.

DISA Rule

SV-227713r603266_rule

Vulnerability Number

V-227713

Group Title

SRG-OS-000480

Rule Version

GEN002560

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the /etc/default/login file for Solaris. Set the variable UMASK=077.

Edit local and global initialization files containing "umask" and change them to use "077".

Check Contents

NOTE: The following commands must be run in the BASH shell.

Check global configuration:
# find /etc -type f | xargs grep -i umask

Check local initialization files:
# cut -d: -f6 /etc/passwd | xargs -n1 -iHOMEDIR sh -c "grep umask HOMEDIR/.*"

If the system and user default umask is not 077, this a finding.

Note: If the default umask is 000 or allows for the creation of world writable files this becomes a CAT I finding..

Vulnerability Number

V-227713

Documentable

False

Rule Version

GEN002560

Severity Override Guidance

NOTE: The following commands must be run in the BASH shell.

Check global configuration:
# find /etc -type f | xargs grep -i umask

Check local initialization files:
# cut -d: -f6 /etc/passwd | xargs -n1 -iHOMEDIR sh -c "grep umask HOMEDIR/.*"

If the system and user default umask is not 077, this a finding.

Note: If the default umask is 000 or allows for the creation of world writable files this becomes a CAT I finding..

Check Content Reference

M

Target Key

4061

Comments