Navigate

Check: RHEL-09-215020

RHEL 9 STIG: RHEL-09-215020 (in version v2 r3)

Title

RHEL 9 must not have the sendmail package installed. (Cat II impact)

Discussion

The sendmail software was not developed with security in mind, and its design prevents it from being effectively contained by SELinux. Postfix must be used instead. Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000095-GPOS-00049

Check Content

Verify that the sendmail package is not installed with the following command: $ dnf list --installed sendmail Error: No matching Packages to list If the "sendmail" package is installed, this is a finding.

Fix Text

Remove the sendmail package with the following command: $ sudo dnf remove sendmail

Additional Identifiers

Rule ID: SV-257827r1044892_rule

Vulnerability ID: V-257827

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000381	Configure the system to provide only organization-defined mission essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-7	Least Functionality