Check: GEN004540
Solaris 9 X86 STIG: GEN004540 (in version v1 r9)
  Title
The SMTP service HELP command must not be enabled. (Cat II impact)
Discussion
The HELP command should be disabled to mask version information. The version of the SMTP service software could be used by attackers to target vulnerabilities present in specific software versions.
Check Content
Check if Help is disabled in Sendmail.
Procedure:
# telnet <host> 25
> help
If the help command returns any Sendmail version information, this is a finding.
If telnet is unavailable for testing, check the value of the HelpFile parameter in the sendmail.cf file.
# grep HelpFile /etc/mail/sendmail.cf
If the contents of the file indicated by the HelpFile parameter contain any Sendmail version information, this is a finding.
Fix Text
To disable the SMTP HELP command, clear the Sendmail help file.
# echo > /etc/mail/helpfile
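The file-based check and the fix, scripted as an added example that is not part of the STIG. The function names, the root-prefix argument, the MANUAL_REVIEW result and the pattern used for "version information" are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Offline GEN004540 check: follow HelpFile from sendmail.cf and inspect the file.

# Print the path from the last active "O HelpFile=<path>" line.
# Lines starting with "#" are comments and never match.
helpfile_path() {
    sed -n 's/^O[[:space:]]*HelpFile[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1
}

# Succeed if any non-comment line of the help file shows version information.
# Assumption: that means the word "version", the $v macro, or a dotted
# release number such as 8.13.8.
discloses_version() {
    grep -v '^#' "$1" | grep -Ei 'version|\$v|[0-9]+\.[0-9]+\.[0-9]+' >/dev/null
}

# Usage: check_gen004540 <sendmail.cf> [root-prefix]
# root-prefix (hypothetical) is prepended to the HelpFile path so a copied
# configuration tree can be audited away from the live host.
check_gen004540() {
    hf=$(helpfile_path "$1")
    # The page's check does not cover an unset option or a missing file.
    if [ -z "$hf" ] || [ ! -f "${2:-}$hf" ]; then
        echo MANUAL_REVIEW
    elif discloses_version "${2:-}$hf"; then
        echo FINDING
    else
        echo NOT_A_FINDING
    fi
}

# Constructed sample tree: a help file with a version line, then the same
# file after the fix from the page (echo > helpfile).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/etc/mail" || return 1
    printf '#O HelpFile=/old/help\nO HelpFile=/etc/mail/helpfile\n' > "$d/etc/mail/sendmail.cf"
    printf '#vers\t2\nsmtp\tThis is sendmail version $v\n' > "$d/etc/mail/helpfile"
    before=$(check_gen004540 "$d/etc/mail/sendmail.cf" "$d")
    echo > "$d/etc/mail/helpfile"
    after=$(check_gen004540 "$d/etc/mail/sendmail.cf" "$d")
    rm -rf "$d"
    echo "before fix: $before, after fix: $after"
}
demo
```

On a live host, run `check_gen004540 /etc/mail/sendmail.cf` with no prefix.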
Additional Identifiers
Rule ID: SV-42309r1_rule
Vulnerability ID: V-12006
Group Title:
CCIs
| Number | Definition |
|---|---|
| CCI-000366 | Implement the security configuration settings. |
Controls
| Number | Title |
|---|---|
| CM-6 | Configuration Settings |