The system must not have the PostOffice Protocol (POP3) service active.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-29509 | GEN009250 | SV-38713r1_rule | ECSC-1 | Medium |
| Description |
|---|
| The POP3 service is only needed if the server is acting as a mail server and clients are using applications that only support POP3. Users' ids and passwords are sent in plain text to the POP3 service. If mail client access is needed, consider using IMAP or SSL enabled POP3. |
| STIG | Date |
|---|---|
| Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Details
| Check Text ( C-37809r1_chk ) |
|---|
| Check the '/etc/inetd.conf' file for active POP3 service. #grep pop3 /etc/inetd.conf | grep -v \# If the POP3 service is enabled, this is a finding. |
| Fix Text (F-33067r1_fix) |
|---|
| Edit /etc/inetd.conf and comment out POP3 the service line. Restart the inetd service. #refresh –s inetd |