To set the default umask to 0027

Purpose

To align with OS-hardening best practices, as defined by the Center for Information Security, or CIS, you can change the default login umask on an NSP component station to restrict file and directory access for non-root users.

Perform this procedure to set the default login umask on an NSP station to 0027.

Steps


1	Log in as the root user on the station that hosts the OS.
2	Open a console window.
3	Back up the following files to a secure location on a station outside the management network for safekeeping: /etc/bashrc /etc/profile /etc/login.defs
4	Enter the following: `#` `sed -i 's/^\([[:space:]]\)\(umask\\|UMASK\)[[:space:]][[:space:]][0-9][0-9][0-9]/\1\2 027/' /etc/bashrc /etc/profile /etc/login.defs ↵`
5	Log out.
6	Log in as the root user.
7	Enter the following: `#` `umask ↵` The current umask value is displayed.
8	Verify that the umask value is 0027.
9	Close the console window. End of steps