Title

The mail system must forward all mail for root to one or more system administrators. (Cat II impact)

Discussion

A number of system services utilize email messages sent to the root user to notify system administrators of active or impending issues. These messages must be forwarded to at least one monitored email address.

Check Content

Find the list of alias maps used by the Postfix mail server: # postconf alias_maps Query the Postfix alias maps for an alias for "root": # postmap -q root hash:/etc/aliases If there are no aliases configured for root that forward to a monitored email address, this is a finding.

Fix Text

Set up an alias for root that forwards to a monitored email address: # echo "root: <system.administrator>@mail.mil" >> /etc/aliases # newaliases

Additional Identifiers

Rule ID: SV-218100r603264_rule

Vulnerability ID: V-218100

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.