From 1e676992869fb84d61f94c05fdb9423f9254496d Mon Sep 17 00:00:00 2001
From: Shawn Wells <sh...@redhat.com>
Date: Wed, 19 Sep 2012 11:43:04 -0400
Subject: [PATCH 03/14] Created OCIL for user_umask_bashrc
 Created OCIL text for user_umask_bashrc

---
 RHEL6/input/system/accounts/session.xml |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/RHEL6/input/system/accounts/session.xml 
b/RHEL6/input/system/accounts/session.xml
index 26e33b6..a038a8f 100644
--- a/RHEL6/input/system/accounts/session.xml
+++ b/RHEL6/input/system/accounts/session.xml
@@ -191,15 +191,25 @@ operator="equals" interactive="0">
 <title>Ensure the Default Bash Umask is Set Correctly</title>
 <description>
 To ensure the default umask for users of the Bash shell is set properly,
-add or correct in <tt>/etc/bashrc</tt> the line:
+add or correct the <tt>umask</tt> setting in <tt>/etc/bashrc</tt> to read
+as follows:
 <pre>umask 077<!-- <sub idref="umask_user_value" /> --></pre>
 </description>
 <rationale>The umask value influences the permissions assigned to files when 
they are created.
 A misconfigured umask value could result in files with excessive permissions 
that can be read and/or
 written to by unauthorized users.</rationale>
+<ocil>Verify the <tt>umask</tt> setting is configured correctly in the 
<tt>/etc/bashrc</tt> file by
+running the following command:
+<pre># grep "umask" /etc/bashrc</pre>
+All output must show the value of <tt>umask</tt> set to 077, as shown below:
+<pre># grep "umask" /etc/bashrc
+umask 077
+umask 077</pre>
+</ocil>
+
 <ident cce="3844-8" />
 <oval id="accounts_umask_bash_users" value="umask_user_value"/>
-<ref nist="CM-6, CM-7"/>
+<ref nist="CM-6, CM-7" disa="366"/>
 </Rule>
 
 <Rule id="user_umask_cshrc">
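Review bot: The check command in the new <ocil> block, grep "umask" /etc/bashrc, matches every line that contains the string, including comment lines, so the stated pass condition ("All output must show the value of umask set to 077") cannot be met cleanly if the file carries a comment that mentions umask. Anchoring the pattern to active settings, for example grep "^[[:space:]]*umask" /etc/bashrc, would make the expected output unambiguous. The OCIL text also hard-codes 077 while the <oval> element on the same rule takes value="umask_user_value" and the <sub idref="umask_user_value" /> substitution in the description is commented out; if a profile selects a different value the manual check and the automated check will disagree, so either reference the variable or state that 077 is the assumed default. Minor: the sample output repeats the prompt and command already shown in the preceding <pre>, and the two identical "umask 077" lines are not explained; a short sentence saying why two matches are expected would help an auditor.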
-- 
1.7.1

_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
