{"description": "The sudo <tt>umask</tt> tag, when specified, will be added to the user's umask in the\ncommand environment.\nThe umask should be configured by making sure that the <tt>umask=<sub idref=\"var_sudo_umask\" /></tt> tag exists in\nthe <tt>/etc/sudoers</tt> configuration file or any sudo configuration snippets\nin <tt>/etc/sudoers.d/</tt>.", "rationale": "The umask value influences the permissions assigned to files when they are created.\nA misconfigured umask value could result in files with excessive permissions that can be read or\nwritten to by unauthorized users.", "severity": "medium", "references": {"anssi": ["R39"]}, "control_references": {"anssi": ["R39"]}, "components": [], "identifiers": {}, "ocil_clause": "umask is not set with the appropriate value for sudo", "ocil": "To determine if <tt>umask</tt> has been configured for sudo with the appropriate value,\nrun the following command:\n<pre>$ sudo grep -ri '^Defaults.*umask=<sub idref=\"var_sudo_umask\" />' /etc/sudoers /etc/sudoers.d/</pre>\nThe command should return a matching output.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Ensure sudo umask is appropriate - sudo umask", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml", "template": {"name": "sudo_defaults_option", "vars": {"option": "umask", "variable_name": "var_sudo_umask"}, "backends": {}}}