>From 894ac4ec447c8d679b23bc560772db47042e0ecc Mon Sep 17 00:00:00 2001 From: Shawn Wells <sh...@redhat.com> Date: Wed, 19 Sep 2012 11:49:13 -0400 Subject: [PATCH 04/14] Created OCIL for user_umask_cshrc - Updated description to increase readability - Created OCIL text
--- RHEL6/input/system/accounts/session.xml | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/RHEL6/input/system/accounts/session.xml b/RHEL6/input/system/accounts/session.xml index a038a8f..4f8804c 100644 --- a/RHEL6/input/system/accounts/session.xml +++ b/RHEL6/input/system/accounts/session.xml @@ -216,12 +216,19 @@ umask 077</pre> <title>Ensure the Default C Shell Umask is Set Correctly</title> <description> To ensure the default umask for users of the C shell is set properly, -add or correct in <tt>/etc/csh.cshrc</tt> the line: +add or correct the <tt>umask</tt> setting in <tt>/etc/csh.cshrc</tt> to read as follows: <pre>umask 077<!-- <sub idref="umask_user_value" /> --></pre> </description> <rationale>The umask value influences the permissions assigned to files when they are created. A misconfigured umask value could result in files with excessive permissions that can be read and/or written to by unauthorized users.</rationale> +<ocil>Verify the <tt>umask</tt> setting is configured correctly in the <tt>/etc/csh.cshrc</tt> file by +running the following command: +<pre># grep "umask" /etc/csh.cshrc</pre> +All output must show the value of <tt>umask</tt> set to 077, as shown in the below: +<pre># grep "umask" /etc/csh.cshrc +umask 077</pre> +</ocil> <ident cce="4227-5" /> <oval id="accounts_umask_csh" value="umask_user_value"/> <ref nist="CM-6, CM-7"/> -- 1.7.1
_______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
