GEN004360 - The alias file must be owned by root - '/etc/postfix/aliases.db'

Information

If the alias file is not owned by root, an unauthorized user may modify the file adding aliases to run malicious code or redirect e-mail.

Solution

Change the owner of the /etc/aliases file to root.

Procedure:
for sendmail:
# chown root /etc/aliases
# chown root /etc/aliases.db

for postfix
# chown root /etc/postfix/aliases
# chown root /etc/postfix/aliases.db

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-6, 800-53|CM-5(6), CAT|II, CCI|CCI-000225, CCI|CCI-001499, Rule-ID|SV-218531r603259_rule, STIG-ID|GEN004360, STIG-Legacy|SV-63607, STIG-Legacy|V-831, Vuln-ID|V-218531

Plugin: Unix

Control ID: 48a8a4eaaf25d592fa620fc2f8caf64a04f679ba65dd751ea9c5516346f82c47