An error occurred:

Check: GEN004440

SUSE Linux Enterprise Server v11 for System z STIG: GEN004440 (in versions v1 r12 through v1 r9)

Title

Sendmail logging must not be set to less than nine in the sendmail.cf file. (Cat III impact)

Discussion

If Sendmail is not configured to log at level 9, system logs may not contain the information necessary for tracking unauthorized use of the sendmail service.

Check Content

If the “sendmail” package is not installed, this is not applicable. Check if the sendmail package is installed: # rpm –q sendmail If it is installed, the logging level must be set to level nine: Procedure: for sendmail: # grep "O L" /etc/mail/sendmail.cf OR # grep LogLevel /etc/mail/sendmail.cf If logging is set to less than nine, this is a finding. for Postfix: This rule is not applicable to postfix which does not use "log levels" in the same fashion as sendmail.

Fix Text

Edit the sendmail.conf file, locate the "O L" or "LogLevel" entry and change it to 9.

Additional Identifiers

Rule ID: SV-45856r2_rule

Vulnerability ID: V-835

Group Title: GEN004440

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings