STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018

Mail relaying must be restricted.

DISA Rule

SV-100291r1_rule

Vulnerability Number

V-89641

Group Title

SRG-OS-000096-GPOS-00050

Rule Version

VRAU-SL-000555

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the SLES for vRealize does not need to receive mail from external hosts, add one or more "DaemonPortOptions" lines referencing system loopback addresses (such as "O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA") and remove lines containing non-loopback addresses.

# sed -i "s/O DaemonPortOptions=Name=MTA/O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA/" /etc/sendmail.cf

Restart the sendmail service:

# service sendmail restart

Check Contents

Determine if Sendmail only binds to loopback addresses by examining the "DaemonPortOptions" configuration options.

# grep -i "O DaemonPortOptions" /etc/sendmail.cf

If there are uncommented DaemonPortOptions lines, and all such lines specify system loopback addresses, this is not a finding.

Otherwise, determine if Sendmail is configured to allow open relay operation.

# grep -i promiscuous_relay /etc/mail/sendmail.mc

If the promiscuous relay feature is enabled, this is a finding.
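
The check above can be scripted as follows. This is an added example, not part of the STIG text or of VMware's tooling; the function names and sample files are constructed for illustration. It assumes loopback is written as 127.x.x.x, ::1 or localhost, and that an absent promiscuous_relay feature means no finding, as the check text implies.

```shell
#!/bin/sh
# Exit status of check_mail_relay: 0 = not a finding, 1 = finding.

# True when uncommented "O DaemonPortOptions" lines exist and all are loopback.
daemon_ports_loopback_only() {
    # Active option lines start with "O" in column one; "#" lines are comments.
    lines=$(grep -i '^O[[:space:]]*DaemonPortOptions' "$1" 2>/dev/null) || return 1
    # A line with no Addr= listens on every interface, so it fails as well.
    # Assumption: loopback is written as 127.x.x.x, ::1 or localhost.
    if printf '%s\n' "$lines" |
        grep -Eiqv 'Addr=(127\.[0-9]+\.[0-9]+\.[0-9]+|::1|localhost)(,|$)'; then
        return 1
    fi
}

# True when sendmail.mc mentions promiscuous_relay outside a "dnl" or "#" comment.
promiscuous_relay_enabled() {
    grep -i 'promiscuous_relay' "$1" 2>/dev/null |
        grep -Eqv '^[[:space:]]*(dnl|#)'
}

check_mail_relay() {
    cf="${1:-/etc/sendmail.cf}"; mc="${2:-/etc/mail/sendmail.mc}"
    if daemon_ports_loopback_only "$cf"; then
        echo "not a finding: every DaemonPortOptions line is loopback-only"
        return 0
    fi
    if promiscuous_relay_enabled "$mc"; then
        echo "finding: promiscuous_relay is enabled in $mc"
        return 1
    fi
    echo "not a finding: promiscuous_relay is not enabled in $mc"
    return 0
}

# Constructed sample files (not taken from a real appliance).
samples=$(mktemp -d)
printf '%s\n' '#O DaemonPortOptions=Name=MTA' \
    'O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA' > "$samples/loopback.cf"
printf '%s\n' 'O DaemonPortOptions=Addr=127.0.0.1,Port=smtp,Name=MTA' \
    'O DaemonPortOptions=Port=587,Name=MSA' > "$samples/exposed.cf"
printf '%s\n' "FEATURE(\`promiscuous_relay')dnl" > "$samples/open.mc"
printf '%s\n' "dnl FEATURE(\`promiscuous_relay')dnl" > "$samples/closed.mc"

check_mail_relay "$samples/loopback.cf" "$samples/open.mc" || :
check_mail_relay "$samples/exposed.cf" "$samples/open.mc" || :
check_mail_relay "$samples/exposed.cf" "$samples/closed.mc" || :
```

Called with no arguments, check_mail_relay reads /etc/sendmail.cf and /etc/mail/sendmail.mc, the paths used in the check text.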

Documentable

False

Severity Override Guidance

Determine if Sendmail only binds to loopback addresses by examining the "DaemonPortOptions" configuration options.

# grep -i "O DaemonPortOptions" /etc/sendmail.cf

If there are uncommented DaemonPortOptions lines, and all such lines specify system loopback addresses, this is not a finding.

Otherwise, determine if Sendmail is configured to allow open relay operation.

# grep -i promiscuous_relay /etc/mail/sendmail.mc

If the promiscuous relay feature is enabled, this is a finding.

Check Content Reference

M

Target Key

3459

Comments