Check: GEN004380
Solaris 9 X86 STIG:
GEN004380
(in version v1 r9)
Title
The alias file must have mode 0644 or less permissive. (Cat II impact)
Discussion
Excessive permissions on the aliases file may permit unauthorized modification. If the alias file is modified by an unauthorized user, they may modify the file to run malicious code or redirect email.
Check Content
Find the alias files on the system. Procedure: # egrep '^O(A| AliasFile)' /etc/mail/sendmail.cf If the alias file is an NIS or LDAP map, this check is not applicable. The default location is /etc/mail/aliases. Check the permissions of the alias file and the hashed version of it used by sendmail. Procedure: # ls -lL /etc/mail/aliases /etc/mail/aliases.db If the alias files have a mode more permissive than 0644, this is a finding.
Fix Text
Change the mode of the /etc/mail/aliases files (or equivalent, such as /usr/lib/aliases) to 0644. Procedure: # chmod 0644 /etc/mail/aliases /etc/mail/aliases.db
Additional Identifiers
Rule ID: SV-40651r1_rule
Vulnerability ID: V-832
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000225 |
The organization employs the concept of least privilege, allowing only authorized accesses for users (and processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions. |
Controls
| Number | Title |
|---|---|
| AC-6 |
Least Privilege |