SV-99173r1_rule
V-88523
SRG-OS-000096-GPOS-00050
VROM-SL-000535
CAT II
10
If SLES for vRealize does not need to receive mail from external hosts, add one or more "DaemonPortOptions" lines referencing system loopback addresses (such as "O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA") and remove lines containing non-loopback addresses.
# sed -i "s/O DaemonPortOptions=Name=MTA/O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA/" /etc/sendmail.cf
Restart the sendmail service:
# service sendmail restart
Determine if Sendmail only binds to loopback addresses by examining the "DaemonPortOptions" configuration options.
# grep -i "O DaemonPortOptions" /etc/sendmail.cf
If there are uncommented "DaemonPortOptions" lines, and all such lines specify system loopback addresses, this is not a finding.
Otherwise, determine if "Sendmail" is configured to allow open relay operation.
# grep -i promiscuous_relay /etc/mail/sendmail.mc
If the promiscuous relay feature is enabled, this is a finding.
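The two-step check above can be scripted as follows. This is an added example, not part of the STIG text; the function name is hypothetical, "loopback" is assumed to mean Addr=127.x.x.x or Addr=::1, and a promiscuous_relay line is assumed disabled when it starts with "dnl" or "#".

```shell
#!/bin/sh
# Added example: scripted form of the manual check (function name is hypothetical).
# Exit status 0 = not a finding, 1 = finding.
check_sendmail_relay() {
    cf=${1:-/etc/sendmail.cf}
    mc=${2:-/etc/mail/sendmail.mc}

    # Step 1: collect uncommented DaemonPortOptions lines.
    # Comment lines in sendmail.cf start with "#", so anchor on the leading "O".
    opts=$(grep -Ei '^O[[:space:]]+DaemonPortOptions' "$cf" 2>/dev/null || true)

    if [ -n "$opts" ]; then
        # Keep only the lines that do NOT carry a loopback Addr= value.
        # Assumption: loopback is 127.0.0.0/8 or ::1.
        nonloop=$(printf '%s\n' "$opts" |
            grep -Eiv 'Addr=(127\.[0-9]+\.[0-9]+\.[0-9]+|::1)(,|[[:space:]]*$)' || true)
        if [ -z "$nonloop" ]; then
            echo "NOT A FINDING: every DaemonPortOptions line binds to loopback"
            return 0
        fi
        echo "DaemonPortOptions lines without a loopback address:"
        printf '%s\n' "$nonloop" | sed 's/^/  /'
    else
        echo "No uncommented DaemonPortOptions lines in $cf"
    fi

    # Step 2 ("Otherwise"): look for an enabled promiscuous_relay feature.
    # Assumption: lines starting with "dnl" or "#" are commented out in the
    # m4 source. A missing .mc file yields no matches and is not flagged here.
    if grep -i 'promiscuous_relay' "$mc" 2>/dev/null |
        grep -Eiqv '^[[:space:]]*(dnl|#)'; then
        echo "FINDING: promiscuous_relay is enabled in $mc"
        return 1
    fi
    echo "NOT A FINDING: promiscuous_relay is not enabled in $mc"
    return 0
}
```

Call it with no arguments to test the default paths, or pass a sendmail.cf and sendmail.mc path to test copies of the files.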