UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Files executed through a mail aliases file must be group-owned by root, bin, sys, or system, and must reside within a directory group-owned by root, bin, sys, or system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22440 GEN004410 SV-45852r1_rule Medium
Description
If a file executed through a mail aliases file is not group-owned by root or a system group, it may be subject to unauthorized modification. Unauthorized modification of files executed through aliases may allow unauthorized users to attain root privileges.
STIG Date
SUSE Linux Enterprise Server v11 for System z 2016-12-20

Details

Check Text ( C-43150r1_chk )
Examine the contents of the /etc/aliases file.

Procedure:
# more /etc/aliases
Examine the aliases file for any utilized directories or paths.

# ls -lL
Check the permissions for any paths referenced.
If the group owner of any file is not root, bin, sys, or system, this is a finding.
Fix Text (F-39236r1_fix)
Change the group ownership of the file referenced from /etc/aliases.

Procedure:
# chgrp root