Navigate

Check: RHEL-09-215020

RHEL 9 STIG: RHEL-09-215020 (in versions v1 r3 through v1 r1)

Title

RHEL 9 must not have the sendmail package installed. (Cat II impact)

Discussion

The sendmail software was not developed with security in mind, and its design prevents it from being effectively contained by SELinux. Postfix must be used instead. Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000095-GPOS-00049

Check Content

Verify that the sendmail package is not installed with the following command: $ sudo dnf list --installed sendmail Error: No matching Packages to list If the "sendmail" package is installed, this is a finding.

Fix Text

Remove the sendmail package with the following command: $ sudo dnf remove sendmail

Additional Identifiers

Rule ID: SV-257827r925468_rule

Vulnerability ID: V-257827

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.
CCI-000381	The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings
CM-7	Least Functionality