UCF STIG Viewer Logo

The SMTP service log file must not have an extended ACL.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22442 GEN004510 SV-38368r1_rule ECLP-1 Medium
Description
If the SMTP service log file has an extended ACL, unauthorized users may be allowed to access or to modify the log file.
STIG Date
HP-UX 11.31 Security Technical Implementation Guide 2018-09-14

Details

Check Text ( C-36568r1_chk )
Examine /etc/syslog.conf and determine the log file(s) receiving logs for mail.crit, mail.debug, mail.*, or *.crit.
# cat /etc/syslog.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | \
egrep -i "mail.crit|mail.\*|\*.crit|mail.debug|\*.debug" | cut -f 2,2 -d " " | \
uniq | xargs -n1 ls -lL

Check the permissions on these log files.
# ls -lL

If the permissions include a "+", the file has an extended ACL, this is a finding.
Fix Text (F-31936r1_fix)
Remove the optional ACL from the log file.
# chacl -z