GEN004370 - The aliases file must be group-owned by sys, bin, or system.

Information

If the alias file is not group-owned by a system group, an unauthorized user may modify the file to add aliases to run malicious code or redirect e-mail.

Solution

Change the group owner of the /etc/mail/aliases file.
Procedure:
# chgrp system /etc/mail/aliases

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Rule-ID|SV-40683r1_rule, STIG-ID|GEN004370, Vuln-ID|V-22438

Plugin: Unix

Control ID: d802e3d9db4056c7261b5c8c74c6f899ddfac748050f979041d2f50ab8a27f46