STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

DISA Rule

SV-99423r1_rule

Vulnerability Number

V-88773

Group Title

SRG-OS-000480-GPOS-00228

Rule Version

VROM-SL-001510

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

To configure the correct UMASK setting run the following command:

# sed -i "/^[^#]*UMASK/ c\UMASK 077" /etc/login.defs

NOTE: Setting "UMASK 077" will break upgrades and other possible functionality within the product. When making upgrades to the system, you will need to revert this UMASK setting to the default for the duration of upgrades and then re-apply.

Check Contents

Check for the configured umask value in login.defs with the following command:

# grep UMASK /etc/login.defs

If the default umask is not "077", this a finding.

Note: If the default umask is "000" or allows for the creation of world-writable files this becomes a CAT I finding.

Vulnerability Number

V-88773

Documentable

False

Rule Version

VROM-SL-001510

Severity Override Guidance

Check for the configured umask value in login.defs with the following command:

# grep UMASK /etc/login.defs

If the default umask is not "077", this a finding.

Note: If the default umask is "000" or allows for the creation of world-writable files this becomes a CAT I finding.

Check Content Reference

M

Target Key

3461

Comments