For SSGID Ensure the Default Umask is Set Correctly in /etc/profile - (CCE-26669-2), with the usgcb-rhel6-server profile selected from the SCAP stream, when run with SCC 3.1.1.1, may produce a false-positive on a RHEL6V1R2 complaint machine. The STIG value is 077. The SSG content “Description” also states a value of 077. However the SSG content state requirement is “subexpression must be equal to '027'” See the following report output: Ensure the Default Umask is Set Correctly in /etc/profile ID: user_umask_profile Result: Fail Identities: CCE-26669-2 Description: To ensure the default umask controlled by /etc/profile is set properly, add or correct the umask setting in /etc/profile to read as follows: umask 077 Fix Text: Severity: low Weight: Reference: 366 Definitions: ID: oval:ssg:def:1204 Result: false Title: Ensure that Users Have Sensible Umask Values in /etc/profile Description: The default umask for all users should be set correctly Class: compliance Tests:
false (All item-state comparisons must be true.) false (Tests the value of the ^[\s]*umask[\s]+([^#]*) expression in the /etc/profile file) Tests: Test ID: oval:ssg:tst:1205 Result: false Title: Tests the value of the ^[\s]*umask[\s]+([^#]*) expression in the /etc/profile file Check Existence: All collected items must exist. Check: All collected items must match the given state(s). State Operator: All item-state comparisons must be true. Object ID: oval:ssg:obj:2176 Object Requirements: path must be equal to '/etc' filename must be equal to 'profile' pattern must match the pattern '^[\s]*umask[\s]+([^#\s]*)' instance must be equal to '1' State ID: oval:ssg:ste:2177 State Requirements: subexpression must be equal to '027' Collected Item Properties: filepath equals '/etc/profile' path equals '/etc' _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
