UCF STIG Viewer Logo

Files executed through a mail aliases file must be group-owned by root, bin, or sys, and must reside within a directory group-owned by root, bin, or sys.


Overview

Finding ID Version Rule ID IA Controls Severity
V-227841 GEN004410 SV-227841r603266_rule Medium
Description
If a file executed through a mail aliases file is not group-owned by root or a system group, it may be subject to unauthorized modification. Unauthorized modification of files executed through aliases may allow unauthorized users to attain root privileges.
STIG Date
Solaris 10 X86 Security Technical Implementation Guide 2022-09-07

Details

Check Text ( C-30003r489898_chk )
Examine the contents of the /etc/mail/aliases file.
For each file referenced, check the group ownership of the file.

Procedure:
# ls -lL

If the group owner of any file is not root, bin, or sys, this is a finding.
Fix Text (F-29991r489899_fix)
Change the group ownership of the file referenced from /etc/mail/aliases.

Procedure:
# chgrp root