Navigate

Check: AIX7-00-003038

IBM AIX 7.x STIG: AIX7-00-003038 (in versions v2 r9 through v1 r1)

Title

AIX sendmail logging must not be set to less than nine in the sendmail.cf file. (Cat II impact)

Discussion

If Sendmail is not configured to log at level 9, system logs may not contain the information necessary for tracking unauthorized use of the sendmail service.

Check Content

Check if "Sendmail" logging is set to level "9" by running command: # grep "^O LogLevel" /etc/mail/sendmail.cf O LogLevel=9 If logging is set to less than "9", this is a finding.

Fix Text

Edit /etc/mail/sendmail.cf file, locate the "O LogLevel" line, or add a new line if necessary, and change the log level to "9". The new LogLevel line should be: O LogLevel=9

Additional Identifiers

Rule ID: SV-215344r508663_rule

Vulnerability ID: V-215344

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings