CCE-95491-7Platform: cpe:/o:amazon:linux:2, cpe:/o:centos:centos:7, cpe:/o:oracle:linux:7, cpe:/o:oracle:linux:8, cpe:/o:redhat:enterprise_linux:7, cpe:/o:redhat:enterprise_linux:8, cpe:/o:redhat:enterprise_linux:9 | Date: (C)2021-03-05 (M)2023-07-04 |
Description:
The .forward file specifies an email address to forward the user's mail to.
Rationale:
Use of the .forward file poses a security risk in that sensitive data may be inadvertently
transferred outside the organization. The .forward file also poses a risk as it can be used to
execute commands that may perform unintended actions.
Audit:
Run the following script and verify no results are returned:
#!/bin/bash
grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 !=
"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while
read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then
echo ".forward file $dir/.forward exists"
fi
fi
done
Remediation:
Making global modifications to users files without alerting the user community can result
in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring
policy be established to report user .forward files and determine the action to be taken in
accordance with site policy.
Notes:
On some distributions the /sbin/nologin should be replaced with /usr/sbin/nologin.
Parameter:
[yes/no]
Technical Mechanism:
Making global modifications to users files without alerting the user community can result
in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring
policy be established to report user .forward files and determine the action to be taken in
accordance with site policy.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.2 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 4.2 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:73042 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72357 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:71991 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84231 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72937 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:68642 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72728 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:72831 |