Umask (parsing startup scripts) (UNIX)

Module: User Files

This option determines how the Umask check is performed. When this option is selected, Symantec ESM attempts to manually search each user's startup scripts for umask commands. Use the name list to specify scripts that should be parsed. Scripts listed using a relative path will be read from the user's home directory. Do not select this option if you select either the Umask (using su) option or the Umask (modifying startup script) option. They are mutually exclusive.
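A sketch of this kind of check, as an added example that is not Symantec ESM's own code: it scans startup-script text for octal umask commands and compares the effective value against the 027 default minimum given in the message description below. The bitwise comparison, the last-command-wins rule, and the sample script contents are assumptions made for illustration.

```python
import re

MIN_UMASK = 0o027  # default minimum umask stated on this page

# Octal form only; symbolic masks (umask u=rwx,g=rx) are out of scope here.
UMASK_RE = re.compile(r"^\s*umask\s+([0-7]{1,4})\b")

def find_umasks(script_text):
    """Return [(line_no, mask)] for every octal umask command in a script."""
    hits = []
    for no, line in enumerate(script_text.splitlines(), 1):
        code = line.split("#", 1)[0]  # naive comment stripping (assumption)
        for cmd in re.split(r"[;&|]+", code):  # several commands on one line
            m = UMASK_RE.match(cmd)
            if m:
                hits.append((no, int(m.group(1), 8)))
    return hits

def is_unsafe(mask, minimum=MIN_UMASK):
    """Unsafe if any permission bit the minimum removes is left in place.
    Compared bit by bit: 030 is numerically above 027 but leaves
    'others' with full access."""
    return (mask & minimum) != minimum

def new_file_modes(mask):
    """Resulting modes for new (executables or directories, plain files)."""
    return 0o777 & ~mask, 0o666 & ~mask

def audit(scripts, minimum=MIN_UMASK):
    """scripts: {name: text}. The last umask in a script is treated as the
    effective one (assumes straight-line execution, no conditionals)."""
    findings = []
    for name, text in scripts.items():
        hits = find_umasks(text)
        if hits and is_unsafe(hits[-1][1], minimum):
            line_no, mask = hits[-1]
            findings.append((name, line_no, format(mask, "03o")))
    return findings

# Constructed sample startup scripts, not taken from a real system.
SAMPLE = {
    ".profile": "PATH=$PATH:$HOME/bin\n# umask 077\numask 022\n",
    ".cshrc": "set history=100\numask 027\n",
    ".login": "umask 077; umask 030  # relax for project share\n",
}

if __name__ == "__main__":
    for name, line_no, mask in audit(SAMPLE):
        print(f"Unsafe umask {mask} in {name}, line {line_no}")
```

Static parsing of this kind cannot see a umask set inside a conditional branch or a sourced file, so a clean result does not prove the user's effective umask is safe.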

The following table lists the error messages for the check.

Table: Error messages for Umask (parsing startup scripts)

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_UMASK

Category: System Error

UNIX (5439)

Title: Unsafe umask

Description: The named user has umask settings that allow too much access to group and others. The umask specifies an octal number that is subtracted from the permissions when a file is created. Lower number settings grant more access. See umask(1) in the man pages for more information. Symantec ESM's default minimum umask value provides normal security. This value is 027. It creates executables with permissions of 750 and other files with permissions of 640. You should change the umask command in the .login, .cshrc, or .profile script file for named users.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NOENVCHK

Category: System Error

UNIX (5442)

Title: Did not check user's environment

Description: The User Files module did not check the named user's environment. It is important to run environment checks for every user. The reason the checks were not completed is listed next to the user's name. The environment checks execute the user's startup files to check the user's path and umask. You should correct the named problems so the User Files module can complete properly.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]