Detections
Analytics
GEN004660 - The SMTP service must not have the EXPN feature active.
Information
The SMTP EXPN function allows an attacker to determine if an account exists on a system, providing significant assistance to a brute force attack on user accounts. EXPN may also provide additional information concerning users on the system, such as the full names of account owners.Solution
Rebuild /etc/mail/sendmail.cf with the 'noexpn' Privacy Flag set.Procedure:
Edit /etc/mail/sendmail.mc resetting the Privacy Flags to the default:
define('confPRIVACYFLAGS', 'authwarnings,novrfy,noexpn,restrictqrun')dnl
Rebuild the sendmail.cf file with:
# make -C /etc/mail
Restart the sendmail service.
# service sendmail restart
See Also
http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Group-ID|V-4692, Rule-ID|SV-37510r1_rule, STIG-ID|GEN004660, Vuln-ID|V-4692
Plugin: Unix
Control ID: 797615e099e0836fa67a8256d36d3d03e2e37c1f21a5e0b107249987c1530282