STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

V-239651

CAT II (Medium)

The SLES for vRealize must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

Rule ID

SV-239651r662404_rule

STIG

VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000366

Discussion

Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access.

Check Content

Check for the configured umask value in login.defs with the following command:

# grep UMASK /etc/login.defs

If the default umask is not "077", this a finding.

Note: If the default umask is "000" or allows for the creation of world-writable files this becomes a CAT I finding.

Fix Text

To configure the correct UMASK setting run the following command:

# sed -i "/^[^#]*UMASK/ c\UMASK 077" /etc/login.defs

NOTE: Setting "UMASK 077" will break upgrades and other possible functionality within the product. When making upgrades to the system, you will need to revert this UMASK setting to the default for the duration of upgrades and then re-apply.