Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-240444 | VRAU-SL-000615 | SV-240444r671073_rule | Medium |
Description |
---|
The version of the SMTP service can be used by attackers to plan an attack based on vulnerabilities present in the specific version. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x SLES Security Technical Implementation Guide | 2021-06-24 |
Check Text ( C-43677r671071_chk ) |
---|
To check for the sendmail version being displayed in the greeting: # more /etc/sendmail.cf | grep SmtpGreetingMessage If it returns the following: O SmtpGreetingMessage=$j Sendmail $v/$Z; $b Then sendmail is providing version information, and this is a finding. |
Fix Text (F-43636r671072_fix) |
---|
Change the "O SmtpGreetingMessage" line in the /etc/sendmail.cf file to: O SmtpGreetingMessage= Mail Server Ready ; $b |