The system must not use .forward files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4385 | GEN004580 | SV-45868r1_rule | Medium |
| Description |
|---|
| The .forward file allows users to automatically forward mail to another system. Use of .forward files could allow the unauthorized forwarding of mail and could potentially create mail loops which could degrade system performance. |
| STIG | Date |
|---|---|
| SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide | 2018-09-19 |
Details
| Check Text ( C-43176r1_chk ) |
|---|
| Determine if sendmail is installed # rpm -qa | grep -i sendmail This check only applies to systems that have the sendmail package installed. Check forwarding capability from sendmail. Procedure: grep "0 ForwardPath" /etc/mail/sendmail.cf If the entry contains a file path, this is a finding. Search for any .forward in users home directories on the system by: # for pwline in `cut -d: -f1,6 /etc/passwd`; do homedir=`echo ${pwline}|cut -d: -f2`;username=`echo ${pwline} | cut -d: -f1`;echo $username `stat -c %n $homedir/.forward 2>/dev/null`; done|egrep "\.forward" If any users have a .forward file in their home directory, this is a finding. |
| Fix Text (F-39246r1_fix) |
|---|
| Disable forwarding for sendmail and remove .forward files from the system Procedure: Edit the /etc/mail/sendmail.mc file to change the ForwardPath entry to a null path by adding the line define(`confFORWARD_PATH`,`') rebuild the sendmail.cf file. Remove all .forward files on the system # find / -name .forward -delete |