STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Cron programs must not set the umask to a value less restrictive than 077.

DISA Rule

SV-227757r603266_rule

Vulnerability Number

V-227757

Group Title

SRG-OS-000312

Rule Version

GEN003220

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Edit cron script files and modify the umask to 077.

Check Contents

Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask.

# ls -lL /var/spool/cron/crontabs
# cat <crontab file>
# grep umask <cron program>

If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding.

Severity Override Guidance:
If a cron program sets the umask to 000 or does not restrict the world-writable permission, this becomes a CAT I finding.

Vulnerability Number

V-227757

Documentable

False

Rule Version

GEN003220

Severity Override Guidance

Determine if there are any crontabs by viewing a long listing of the directory. If there are crontabs, examine them to determine what cron jobs exist. Check for any programs specifying an umask.

# ls -lL /var/spool/cron/crontabs
# cat <crontab file>
# grep umask <cron program>

If there are no cron jobs present, this vulnerability is not applicable. If any cron job contains an umask value more permissive than 077, this is a finding.

Severity Override Guidance:
If a cron program sets the umask to 000 or does not restrict the world-writable permission, this becomes a CAT I finding.

Check Content Reference

M

Target Key

4061

Comments