|Platform: macosx10.10||Date: (C)2015-06-23 (M)2017-11-21|
Set the Global Umask Setting for the System
The default global umask setting must be set to '022' for system processes. The setting '022' ensures that system process created files and directories will only be readable by other users and processes, not writable. This mitigates the risk that unauthorized users might be able to write to files and directories created by system processes. A more restrictive setting could potentially break the normal functionality of the system.
To view the umask setting, run the following command:
If the setting is not '0022', this is a finding.
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:25110|