Merge pull request ComplianceAsCode#11639 from vojtapolasek/update_an…

…ssi_r36 update notes of the R36 requirement for ANSSI
rumch-se · Mar 1, 2024 · d1c752a · d1c752a
2 parents eb2f364 + ffceb64
commit d1c752a
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/controls/anssi.yml b/controls/anssi.yml
@@ -862,7 +862,10 @@ controls:
       and its group, and a full access to its owner. For services such as systemd, this value can
       be defined directly in the configuration file of the service with the directive UMask=0027.
     notes: >-
-      Currently there is no rule to check and remediate the UMask directive in systemd.
+      There are cases of Systemd services which would stop working in case umask
+      would be configured to 0027 for all services. One such example is the
+      Cups service which needs to create sockets which need to be available for
+      all users. Therefore, this part of the requirement can't be automated.
     status: partial
     rules:
       - accounts_umask_etc_bashrc