>From 7fe9f83a42f813acf0fb40a0e9804062257568fd Mon Sep 17 00:00:00 2001
From: Shawn Wells <sh...@redhat.com>
Date: Wed, 19 Sep 2012 11:57:02 -0400
Subject: [PATCH 06/14] Created OCIL for user_umask_logindefs

- Updated description text for clarify/copy editing
- Created OCIL for user_umask_logindefs
--- RHEL6/input/system/accounts/session.xml | 12 ++++++++++-- 1 files changed, 10 insertions(+), 2 deletions(-) diff --git a/RHEL6/input/system/accounts/session.xml b/RHEL6/input/system/accounts/session.xml index 9062ad5..c85f446 100644 --- a/RHEL6/input/system/accounts/session.xml +++ b/RHEL6/input/system/accounts/session.xml @@ -262,12 +262,20 @@ umask 077</pre> <title>Ensure the Default Umask is Set Correctly in login.defs</title> <description> To ensure the default umask controlled by <tt>/etc/login.defs</tt> is set properly, -add or correct the line: -<pre>UMASK 077<!-- <sub idref="umask_user_value" /> --></pre> +add or correct the <tt>umask</tt> setting in <tt>/etc/login.defs</tt> to read as follows: +<pre>umask 077<!-- <sub idref="umask_user_value" /> --></pre> </description> <rationale>The umask value influences the permissions assigned to files when they are created. A misconfigured umask value could result in files with excessive permissions that can be read and/or written to by unauthorized users.</rationale> +<ocil>Verify the <tt>umask</tt> setting is configured correctly in the <tt>/etc/login.defs</tt> file by +running the following command: +<pre># grep "umask" /etc/login.defs</pre> +All output must show the value of <tt>umask</tt> set to 077, as shown in the below: +<pre># grep "umask" /etc/login.defs +umask 077</pre> +</ocil> + <ident cce="14107-7" /> <oval id="accounts_umask_login_defs" value="umask_user_value" /> <ref nist="CM-6, CM-7"/> -- 1.7.1
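Review bot: the keyword case is wrong in the new description line `+<pre>umask 077<!-- <sub idref="umask_user_value" /> --></pre>` and in the OCIL check `grep "umask" /etc/login.defs`. Keywords in /etc/login.defs are case-sensitive and the setting is `UMASK`, as the removed line `-<pre>UMASK 077...` had it, so an administrator who follows the new text would add a line that login.defs does not honor, and the case-sensitive grep would return nothing on a system that is correctly configured with `UMASK 077`. I suggest keeping `UMASK 077` in the description and in the expected output, and anchoring the check to the setting itself, for example `grep "^UMASK" /etc/login.defs`, so that commented-out lines do not count as a pass. Two smaller wording points in the same hunk: the description now names /etc/login.defs twice in one sentence, and "as shown in the below" should read "as shown below".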