STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

V-832

CAT II (Medium)

The alias file must have mode 0644 or less permissive.

Rule ID

SV-45849r1_rule

STIG

SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide

Version

V1R12

CCIs

CCI-000225

Discussion

Excessive permissions on the aliases file may permit unauthorized modification. If the alias file is modified by an unauthorized user, they may modify the file to run malicious code or redirect e-mail.

Check Content

Check the permissions of the alias file.

Procedure:
for sendmail:
# ls -lL /etc/aliases /etc/aliases.db
If an alias file has a mode more permissive than 0644, this is a finding.

for postfix:
Verify the location of the alias file.
# postconf alias_maps

This will return the location of the "aliases" file.

# ls -lL <postfix aliases file> <postfix aliases.db file>
If an alias file has a mode more permissive than 0644, this is a finding.

Fix Text

Change the mode of the alias files as needed to function. No higher than 0644.
Procedure:
for sendmail:
# chmod 0644 /etc/aliases /etc/aliases.db

for postfix:
# chmod 0644 <postfix aliases file> <postfix aliases.db file>