STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

SMTP service must not have the EXPN or VRFY features active on AIX systems.

DISA Rule

SV-215415r508663_rule

Vulnerability Number

V-215415

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-003117

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the "sendmail.cf" file and add or edit the following line:
O PrivacyOptions=goaway

Restart the "Sendmail" service:
# startsrc -s sendmail -a "-bd -q30m"

Check Contents

Check the "PrivacyOptions" parameter in "/etc/mail/sendmail.cf":
# grep -v "^#" /etc/mail/sendmail.cf |grep -i privacyoptions

The above command should yield the following output:
O PrivacyOptions=goaway

The "O PrivacyOptions" line should include the "goaway" option (which covers both noexpn and novrfy).

If the "O PrivacyOptions" value does not contain "goaway", this is a finding.
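
Added example, not part of the STIG text: a shell function that applies the check above to any sendmail.cf path and returns a status a compliance script can act on. It matches "goaway" as a whole entry of the comma-separated value rather than as a substring; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the STIG): audit a sendmail.cf for this rule.
# Returns 0 = not a finding, 1 = finding, 2 = file unreadable.
check_privacy_options() {
    cf=$1
    [ -r "$cf" ] || { echo "ERROR: cannot read $cf" >&2; return 2; }
    awk '
        /^#/ { next }    # ignore comment lines, like the grep -v "^#" in the check
        {
            line = tolower($0)    # match case-insensitively, like grep -i
            if (line !~ /^o[ \t]+privacyoptions[ \t]*=/) next
            seen = 1
            sub(/^[^=]*=/, "", line)    # keep only the option value
            n = split(line, opt, /[ \t,]+/)    # value is a comma-separated list
            for (i = 1; i <= n; i++) if (opt[i] == "goaway") ok = 1
        }
        END {
            if (ok) { print "NOT A FINDING: goaway is set"; exit 0 }
            msg = seen ? "PrivacyOptions does not contain goaway" : "no active PrivacyOptions line"
            print "FINDING: " msg
            exit 1
        }' "$cf"
}

# Constructed sample files (hypothetical contents, not from a real host).
write_samples() {
    dir=$1
    printf '%s\n' 'O PrivacyOptions=goaway' > "$dir/ok.cf"
    printf '%s\n' 'O PrivacyOptions=authwarnings,goaway,restrictqrun' > "$dir/list.cf"
    printf '%s\n' 'O PrivacyOptions=authwarnings,noexpn' > "$dir/weak.cf"
    printf '%s\n' '#O PrivacyOptions=goaway' 'O SmtpGreetingMessage=$j' > "$dir/commented.cf"
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in ok list weak commented; do
    printf '%s: ' "$f.cf"
    check_privacy_options "$tmp/$f.cf" || :
done
rm -rf "$tmp"
```

On a live system, call check_privacy_options /etc/mail/sendmail.cf and treat a non-zero return as a result that needs review.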

Documentable

False

Check Content Reference

M

Target Key

4012
