STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:SV-230385r627750_rule
V-230385
SRG-OS-000480-GPOS-00227
RHEL-08-020353
CAT II
10
Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
Add or edit the lines for the "UMASK" parameter in the "/etc/bashrc" and "etc/csh.cshrc" files to "077":
UMASK 077
Verify that the umask default for installed shells is "077".
Check for the value of the "UMASK" parameter in the "/etc/bashrc" and "/etc/csh.cshrc" files with the following command:
Note: If the value of the "UMASK" parameter is set to "000" in either the "/etc/bashrc" or the "/etc/csh.cshrc" files, the Severity is raised to a CAT I.
# grep -i umask /etc/bashrc /etc/csh.cshrc
/etc/bashrc: umask 077
/etc/bashrc: umask 077
/etc/csh.cshrc: umask 077
/etc/csh.cshrc: umask 077
If the value for the "UMASK" parameter is not "077", or the "UMASK" parameter is missing or is commented out, this is a finding.
V-230385
False
RHEL-08-020353
Verify that the umask default for installed shells is "077".
Check for the value of the "UMASK" parameter in the "/etc/bashrc" and "/etc/csh.cshrc" files with the following command:
Note: If the value of the "UMASK" parameter is set to "000" in either the "/etc/bashrc" or the "/etc/csh.cshrc" files, the Severity is raised to a CAT I.
# grep -i umask /etc/bashrc /etc/csh.cshrc
/etc/bashrc: umask 077
/etc/bashrc: umask 077
/etc/csh.cshrc: umask 077
/etc/csh.cshrc: umask 077
If the value for the "UMASK" parameter is not "077", or the "UMASK" parameter is missing or is commented out, this is a finding.
M
2921