Check: GEN004540
HP-UX 11.31 STIG:
GEN004540
(in versions v1 r19 through v1 r14)
Title
The SMTP service HELP command must not be enabled. (Cat II impact)
Discussion
The HELP command should be disabled to mask version information. The version of the SMTP service software could be used by attackers to target vulnerabilities present in specific software versions.
Check Content
Verify that the Help command is disabled in Sendmail: # ls -al /etc/mail/helpfile If the file does not exist, this is not a finding. If the help file does exist, verify that the file is empty: # cat /etc/mail/helpfile If the help file is not empty, this is a finding.
Fix Text
To disable the SMTP HELP command, remove or empty the Sendmail help file: /etc/mail/helpfile.
Additional Identifiers
Rule ID: SV-35059r2_rule
Vulnerability ID: V-12006
Group Title: GEN004540
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |