STIGQter STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: The SMTP service log file must have mode 0644 or less permissive.

DISA Rule

SV-63753r3_rule

Vulnerability Number

V-838

Group Title

GEN004500

Rule Version

GEN004500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Change the mode of the SMTP service log file.

Procedure:

The fix procedure is the same for both sendmail and Postfix.

# chmod 0644 <sendmail log file>

Check Contents

Check the mode of the SMTP service log file.

Procedure:

The check procedure is the same for both sendmail and Postfix.

Identify any log files configured for the "mail" service (excluding mail.none) at any severity level and check the permissions. Depending on what system is used for log processing, either /etc/syslog.conf or /etc/rsyslog.conf will be the logging configuration file.

For syslog:

# egrep "mail\.[^n][^/]*" /etc/syslog.conf|sed 's/^[^/]*//'|xargs ls -lL

For rsyslog:

# egrep "mail\.[^n][^/]*" /etc/rsyslog.conf|sed 's/^[^/]*//'|xargs ls -lL

If the log file permissions are greater than 0644, this is a finding.

Vulnerability Number

V-838

Documentable

False

Rule Version

GEN004500

Severity Override Guidance

Check the mode of the SMTP service log file.

Procedure:

The check procedure is the same for both sendmail and Postfix.

Identify any log files configured for the "mail" service (excluding mail.none) at any severity level and check the permissions. Depending on what system is used for log processing, either /etc/syslog.conf or /etc/rsyslog.conf will be the logging configuration file.

For syslog:

# egrep "mail\.[^n][^/]*" /etc/syslog.conf|sed 's/^[^/]*//'|xargs ls -lL

For rsyslog:

# egrep "mail\.[^n][^/]*" /etc/rsyslog.conf|sed 's/^[^/]*//'|xargs ls -lL

If the log file permissions are greater than 0644, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments