configuring a umask for all of the user shells,
Actions Set the selected umask in all known shell startup scripts.
AccountSecurity.umaskyn
Headline | Set the default umask. |
Default | N |
Description | Set the default umask. |
Actions | None. |
AccountSecurity.unowned_files
Headline | Assign unowned files to the bin user. |
Default | N |
Description | Do not leave files owned by users or groups that do not have meaning to the |
| system. If a user or group is later defined with the uid or gid that owns that |
| file, the data could be exposed to potentially unauthorized access. This can |
| happen when a user is deleted without cleaning up the file system. This item |
| will look for files that are not owned by a defined system user or group and |
| assign those files to bin. |
Actions | Find all local files that are not owned by a defined system user and/or group. |
| Assign those files to bin. Remove |
| these files. |
AccountSecurity.user_dot_files
Headline | Remove |
Default | Y |
Description | Dot files, or those that begin with a "." are hidden from standard file lists and |
| are often used for configuration. The combination of being less visible and |
| being used to change the behavior of the user account means that if an incorrect |
| permission is set (perhaps with a loose umask), the account could be subject |
| to attack. This item reviews the local user account store, finds the local home |
| directories, and removes the |
| relatively safe operation. |
Actions | Find all local |
| within those directories do not have |
AccountSecurity.user_rc_files
Headline | Delete .shosts, .rhosts, and .netrc from the local user accounts |
Default | Y |
Description | .shosts, .rhosts, and .netrc are files that sit in the home directories of users and |
| are used to create trust relationships between given users on a system and |
| other systems. Such |
| for an attacker to leverage those trust relationships if they manage to expose |
| an account. If there is no business need for static trust, delete these files. |
Actions | Find all local |
| .rhosts, and .netrc if found within those directories. |
39