[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-95042-8

Platform: cpe:/o:debian:debian_linux:11.x, cpe:/o:ubuntu:ubuntu_linux:20.04, cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04Date: (C)2020-10-15   (M)2023-09-01



The default umask determines the permissions of files created by users. The user creating the file has the discretion of making their files and directories readable by others via the chmod command. Users who wish to allow their files and directories to be readable by others by default may choose a different default umask by inserting the umask command into the standard shell configuration files (.profile, .bashrc, etc.) in their home directories. Rationale: Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions. A default umask setting of 077 causes files and directories created by users to not be readable by any other user on the system. A umask of 027 would make files and directories readable by users in the same Unix group. A umask of 022 would make files readable by every user on the system. Note: The directives in this section apply to bash and shell. If other shells are supported on the system, it is recommended that their configuration files also are checked. Fix: Edit the /etc/login.defs file (and the appropriate files for any other shell supported on your system as necessary) and set the UMASK parameter as shown: UMASK 077


Parameter:

[umask_077]


Technical Mechanism:

Edit the /etc/login.defs file (and the appropriate files for any other shell supported on your system as necessary) and set the UMASK parameter as shown: UMASK 077

CCSS Severity:CCSS Metrics:
CCSS Score : 8.4Attack Vector: LOCAL
Exploit Score: 2.5Attack Complexity: LOW
Impact Score: 5.9Privileges Required: NONE
Severity: HIGHUser Interaction: NONE
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: HIGH
 Availability: HIGH
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:87301
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:92207
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:85118
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:65950


OVAL    4
oval:org.secpod.oval:def:65950
oval:org.secpod.oval:def:92207
oval:org.secpod.oval:def:85118
oval:org.secpod.oval:def:87301
...
XCCDF    7
xccdf_org.secpod_benchmark_NIST_800_53_r5_Debain_11
xccdf_org.secpod_benchmark_general_Ubuntu_23.04
xccdf_org.secpod_benchmark_NIST_800_53_r5_Debian_11
xccdf_org.secpod_benchmark_general_Ubuntu_22.04
...

© SecPod Technologies