GEN004400 - Files executed through a mail aliases file must be owned by root and must reside within a directory owned and writable only by root.

Information

If a file executed through a mail aliases file is not owned and writable only by root, it may be subject to unauthorized modification. Unauthorized modification of files executed through aliases may allow unauthorized users to attain root privileges.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Edit the /etc/mail/aliases file (alternatively, /usr/lib/sendmail.cf). Locate the entries executing a program. They will appear similar to the following line.

Aliasname: : /usr/local/bin/ls (or some other program name)

Ensure root owns the programs and the directory(ies) they reside in by using the chown command to change owner to root.
Procedure:
# chown root filename

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_SPARC_V2R4_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3(4), CAT|I, CCI|CCI-002165, Rule-ID|SV-226933r854436_rule, STIG-ID|GEN004400, STIG-Legacy|SV-833, STIG-Legacy|V-833, Vuln-ID|V-226933

Plugin: Unix

Control ID: e6927721e4c4c8ed5f11d78710ea95a16758d1e2c949d7fc3187af7115d3326a