{"description": "To ensure the default umask for users of the Bash shell is set properly,\nadd or correct the <tt>umask</tt> setting in <tt>/etc/bash.bashrc</tt> to read\nas follows:\n<pre>umask <sub idref=\"var_accounts_user_umask\" /></pre>", "rationale": "The umask value influences the permissions assigned to files when they are created.\nA misconfigured umask value could result in files with excessive permissions that can be read or\nwritten to by unauthorized users.", "severity": "medium", "references": {"cis-csc": ["18"], "cobit5": ["APO13.01", "BAI03.01", "BAI03.02", "BAI03.03"], "isa-62443-2009": ["4.3.4.3.3"], "iso27001-2013": ["A.14.1.1", "A.14.2.1", "A.14.2.5", "A.6.1.5"], "nerc-cip": ["CIP-003-8 R5.1.1", "CIP-003-8 R5.3", "CIP-004-6 R2.3", "CIP-007-3 R2.1", "CIP-007-3 R2.2", "CIP-007-3 R2.3", "CIP-007-3 R5.1", "CIP-007-3 R5.1.1", "CIP-007-3 R5.1.2"], "nist": ["AC-6(1)", "CM-6(a)"], "nist-csf": ["PR.IP-2"], "srg": ["SRG-OS-000480-GPOS-00228", "SRG-OS-000480-GPOS-00227"], "anssi": ["R36"], "cis": ["5.4.3.3"]}, "control_references": {"anssi": ["R36"], "cis": ["5.4.3.3"]}, "components": [], "identifiers": {}, "ocil_clause": "the value for the \"umask\" parameter is not \"<sub idref=\"var_accounts_user_umask\" />\", or the \"umask\" parameter is missing or is commented out", "ocil": "Verify the <tt>umask</tt> setting is configured correctly in the <tt>/etc/bash.bashrc</tt> file with the following command:\n\n<pre>$ sudo grep \"umask\" /etc/bash.bashrc\n\numask <sub idref=\"var_accounts_user_umask\" /></pre>", "oval_external_content": null, "fixtext": "Configure Ubuntu 22.04 to define default permissions for all authenticated users using the bash shell.\n\nAdd or edit the lines for the \"umask\" parameter in the \"/etc/bash.bashrc\" files to \"<sub idref=\"var_accounts_user_umask\" />\":\n\numask <sub idref=\"var_accounts_user_umask\" />", "checktext": "Verify the \"umask\" setting is configured correctly in the \"/etc/bashrc\" file with the following 
command:\n\nNote: If the value of the \"umask\" parameter is set to \"000\" in the \"/etc/bashrc\" file, the Severity is raised to a CAT I.\n\n$ grep umask /etc/bashrc\n\numask 077\numask 077\n\nIf the value for the \"umask\" parameter is not \"077\", or the \"umask\" parameter is missing or is commented out, this is a finding.", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must define default permissions for the bash shell.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must define default permissions for the bash shell.", "vuldiscussion": "The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 600 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be \"0\". This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system.", "checktext": "Verify the \"umask\" setting is configured correctly in the \"/etc/bashrc\" file with the following command:\n\nNote: If the value of the \"umask\" parameter is set to \"000\" in the \"/etc/bashrc\" file, the Severity is raised to a CAT I.\n\n$ grep umask /etc/bashrc\n\n[ `umask` -eq 0 ] && umask 077\n\nIf the value for the \"umask\" parameter is not \"077\", or the \"umask\" parameter is missing or is commented out, this is a finding.", "fixtext": "Configure Ubuntu 22.04 to define default permissions for all authenticated users using the bash shell.\n\nAdd or edit the lines for the \"umask\" parameter in the \"/etc/bashrc\" file to \"077\":\n\numask 077"}}, "platform": "package[bash]", "platforms": ["package[bash]"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["package_bash"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, 
"title": "Ensure the Default Bash Umask is Set Correctly", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml", "template": null}