Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-12006 | GEN004540 | SV-45863r2_rule | Medium |
Description |
---|
The HELP command should be disabled to mask version information. The version of the SMTP service software could be used by attackers to target vulnerabilities present in specific software versions. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2017-05-18 |
Check Text ( C-43159r1_chk ) |
---|
Check if the sendmail package is installed: # rpm –q sendmail If sendmail is not installed, this check is not applicable. Check if Help is disabled. This rule is for “sendmail” only and not applicable to “Postfix”. Procedure: # telnet > help If the help command returns any sendmail version information, this is a finding. |
Fix Text (F-39244r3_fix) |
---|
To disable the SMTP HELP command, remove, rename or empty the /usr/lib/sendmail.d.helpfile file. # echo > /usr/lib/sendmail.d/helpfile |