Check: GEN004380
HP-UX 11.31 STIG:
GEN004380
(in versions v1 r19 through v1 r13)
Title
The alias file must have mode 0644 or less permissive. (Cat II impact)
Discussion
Excessive permissions on the aliases file may permit unauthorized modification. If the alias file is modified by an unauthorized user, they may modify the file to run malicious code or redirect e-mail.
Check Content
Find the aliases file on the system. Procedure: # ls -lL /etc/mail/aliases If the aliases file exists with a mode more permissive than 0644, this is a finding.
Fix Text
Change the mode of the aliases file (or equivalent) to 0644. # chmod 0644 /etc/mail/aliases
Additional Identifiers
Rule ID: SV-35165r1_rule
Vulnerability ID: V-832
Group Title: GEN004380
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
Number | Title |
---|---|
AC-6 |
Least Privilege |