STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

V-239540

CAT II (Medium)

The SMTP service must not have the EXPN feature active.

Rule ID

SV-239540r662071_rule

STIG

VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000382

Discussion

The SMTP EXPN function allows an attacker to determine if an account exists on a system, providing significant assistance to a brute force attack on user accounts. EXPN may also provide additional information concerning users on the system, such as the full names of account owners.

Check Content

Use the following command to check if EXPN is disabled:

# grep -v "^#" /etc/sendmail.cf |grep -i PrivacyOptions

If "noexpn" is not returned, this is a finding.

Fix Text

Add "noexpn" to the "PrivacyOptions" flag in the "/etc/sendmail.cf" file.