STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: The SMTP service log file must be owned by root.

DISA Rule

SV-63751r3_rule

Vulnerability Number

V-837

Group Title

GEN004480

Rule Version

GEN004480

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the ownership of the sendmail log file.

Procedure:

The fix procedure is the same for both sendmail and Postfix.

# chown root <sendmail log file>

Check Contents

Locate any mail log files by checking the syslog configuration file.

Procedure:

The check procedure is the same for both sendmail and Postfix.

Identify any log files configured for the "mail" service (excluding mail.none) at any severity level and check the ownership. Depending on what system is used for log processing, either /etc/syslog.conf or /etc/rsyslog.conf will be the logging configuration file.

For syslog:

# egrep "mail\.[^n][^/]*" /etc/syslog.conf|sed 's/^[^/]*//'|xargs ls -lL

For rsyslog:

# egrep "mail\.[^n][^/]*" /etc/rsyslog.conf|sed 's/^[^/]*//'|xargs ls -lL

If any mail log file is not owned by root, this is a finding.
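
An added example, not part of the STIG text: the same check written as a script that reads the selector field, so commented-out rules are skipped and only a priority of exactly "none" is excluded (the egrep pattern above also skips priorities such as mail.notice). The function names mail_log_paths and audit_mail_logs are hypothetical, and only rules that name the "mail" facility explicitly are considered, as in the check above.

```shell
#!/bin/sh
# Added example (not STIG text). Function names are hypothetical.

# Print each file target that receives the "mail" facility at any
# priority except "none". Commented lines and non-file actions are skipped.
mail_log_paths() {
    awk '
    /^[ \t]*#/ || NF < 2 { next }
    {
        action = $2
        sub(/^-/, "", action)        # leading "-" only disables sync
        sub(/;.*$/, "", action)      # drop an rsyslog ";template" suffix
        if (action !~ /^\//) next    # remote hosts, pipes, users: not files
        n = split($1, sel, ";")
        for (i = 1; i <= n; i++) {
            dot = index(sel[i], ".")
            if (dot == 0) continue
            prio = substr(sel[i], dot + 1)
            m = split(substr(sel[i], 1, dot - 1), fac, ",")
            for (j = 1; j <= m; j++)
                if (fac[j] == "mail" && prio != "none") {
                    if (!seen[action]++) print action
                    next
                }
        }
    }' "$1"
}

# Report every mail log whose owner is not $2 (default: root).
# Returns 1 if any finding was printed, 0 otherwise.
audit_mail_logs() {
    want=${2:-root}
    rc=0
    for f in $(mail_log_paths "$1"); do
        [ -e "$f" ] || { echo "MISSING $f"; continue; }
        owner=$(ls -ldL "$f" | awk '{ print $3 }')   # -L follows symlinks
        [ "$owner" = "$want" ] || { echo "FINDING $f owned by $owner"; rc=1; }
    done
    return $rc
}

# Usage: sh script.sh /etc/rsyslog.conf   (or /etc/syslog.conf)
[ $# -eq 0 ] || audit_mail_logs "$@"
```

A non-zero exit status means at least one FINDING line was printed; a log file that is configured but does not exist is reported as MISSING and is not counted as a finding.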

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments