STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vRealize Automation 7.x SLES Security Technical Implementation Guide

V-240447

CAT II (Medium)

The SMTP service must not have the VRFY feature active.

Rule ID

SV-240447r671082_rule

STIG

VMware vRealize Automation 7.x SLES Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000382

Discussion

The VRFY (Verify) command allows an attacker to determine if an account exists on a system, providing significant assistance to a brute force attack on user accounts. VRFY may provide additional information about users on the system, such as the full names of account owners.

Check Content

Use the following command to check if VRFY is disabled:

# grep -v "^#" /etc/sendmail.cf |grep -i PrivacyOptions

If "novrfy" is not returned, this is a finding.

Fix Text

Add "novrfy" to the "PrivacyOptions" flag in /etc/sendmail.cf