UBI FIPS: Error in bashrc due to hardening script

Summary

After the conversion to UBI 9, it appears that the bashrc hardening of umask has resulted in a malformed script. We should consider (additionally, separately) reviewing all other implemented methods under hardening/.

Details

    # Set default umask for non-login shell only if it is set to 0
    [ `umask` -eq 0 ] && umask 022

Is processed by xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc.sh in such a way that it is malformed to "just"

    # Set default umask 027
    [ `umask 027

Actionable

Update the script for use with RHEL/UBI 9, in accordance with https://complianceascode.github.io/content-pages/guides/ssg-rhel9-guide-cis.html so that it does not fail.

Images are now ubi-micro based, so some observation will be required compared to default scripting pattern assumptions.
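
The malformed output in Details is what a greedy `s/umask.*/umask 027/g` substitution produces on those two lines. The sketch below is an added example, not the project's hardening script: the greedy pattern is an assumption about what the script does (its body is not shown here), and `sample_bashrc`, `greedy_fix`, `scoped_fix` and `syntax_ok` are hypothetical helper names. It puts that pattern beside a narrower one and gates both with `bash -n`.

```shell
#!/usr/bin/env bash
# Constructed sample: the two /etc/bashrc lines quoted in the issue.
sample_bashrc() {
  printf '%s\n' \
    '    # Set default umask for non-login shell only if it is set to 0' \
    '    [ `umask` -eq 0 ] && umask 022'
}

# ASSUMPTION: greedy pattern, not copied from the hardening script.
# It rewrites from the first "umask" on a line to the end of that line,
# so the comment is truncated and the backtick substitution is cut open.
greedy_fix() { sed 's/umask.*/umask 027/g'; }

# Narrower substitution: leave comment lines alone and rewrite only the
# octal argument of an actual "umask NNN" command.
scoped_fix() {
  sed -E '/^[[:space:]]*#/!s/(^|[^[:alnum:]_])umask[[:space:]]+[0-7]{3,4}/\1umask 027/g'
}

# Parse stdin as a bash script without executing it; the exit status is
# what an image build would gate on before installing the file.
syntax_ok() (
  tmp=$(mktemp) || exit 2
  cat > "$tmp"
  rc=0
  bash -n "$tmp" 2>/dev/null || rc=$?
  rm -f "$tmp"
  exit "$rc"
)

# Show the rewritten lines and the syntax verdict for each pattern.
for fix in greedy_fix scoped_fix; do
  sample_bashrc | "$fix"
  if sample_bashrc | "$fix" | syntax_ok; then
    echo "$fix: parses"
  else
    echo "$fix: syntax error"
  fi
done
```

Because ubi-micro images ship a minimal userland, running the same `bash -n` gate in the build stage that applies the hardening catches this class of breakage before the image is published.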