GEN004360 - The alias file must be owned by root - '/etc/aliases'

Information

If the alias file is not owned by root, an unauthorized user may modify the file adding aliases to run malicious code or redirect e-mail.

Solution

Change the owner of the /etc/aliases file to root.

Procedure:
for sendmail:
# chown root /etc/aliases
# chown root /etc/aliases.db

for postfix
# chown root /etc/postfix/aliases
# chown root /etc/postfix/aliases.db

See Also

http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-831, Rule-ID|SV-37472r2_rule, STIG-ID|GEN004360, Vuln-ID|V-831

Plugin: Unix

Control ID: 4691072753135f640b87d5abd6e83e29011c2e037be098ba1230b9a473287a05