6.2.11 Ensure no users have .forward files

Information

The .forward file specifies an email address to forward the user's mail to.

Rationale:

Use of the .forward file poses a security risk in that sensitive data may be inadvertently
transferred outside the organization. The .forward file also poses a risk as it can be used to
execute commands that may perform unintended actions.

Solution

Making global modifications to users' files without alerting the user community can result
in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring
policy be established to report user .forward files and determine the action to be taken in
accordance with site policy.

Notes:

On some distributions the /sbin/nologin should be replaced with /usr/sbin/nologin.

See Also

https://workbench.cisecurity.org/files/2420