UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must not use .forward files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4385 GEN004580 SV-37506r1_rule ECSC-1 Medium
Description
The .forward file allows users to automatically forward mail to another system. Use of .forward files could allow the unauthorized forwarding of mail and could potentially create mail loops which could degrade system performance.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2014-04-02

Details

Check Text ( C-36165r1_chk )
Check forwarding capability from sendmail.

Procedure:
grep "0 ForwardPath" /etc/mail/sendmail.cf

If the entry contains a file path, this is a finding.

Search for any .forward in users home directories on the system by:

# for pwline in `cut -d: -f1,6 /etc/passwd`; do homedir=`echo ${pwline}|cut -d: -f2`;username=`echo ${pwline} | cut -d: -f1`;echo $username `stat -c %n $homedir/.forward 2>null`; done|egrep "\.forward"

If any users have a .forward file in their home directory, this is a finding.

Fix Text (F-31416r1_fix)
Disable forwarding for sendmail and remove .forward files from the system

Procedure:
Edit the /etc/mail/sendmail.mc file to change the ForwardPath entry to a null path by adding the line
define(`confFORWARD_PATH`,`')
rebuild the sendmail.cf file.

Remove all .forward files on the system
# find / -name .forward -delete