STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

V-239530

CAT II (Medium)

Files executed through a mail aliases file must be owned by root and must reside within a directory owned and writable only by root.

Rule ID

SV-239530r662041_rule

STIG

VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000382

Discussion

If a file executed through a mail aliases file is not owned and writable only by root, it may be subject to unauthorized modification. Unauthorized modification of files executed through aliases may allow unauthorized users to attain root privileges.

Check Content

Verify the ownership of files referenced within the sendmail aliases file:

# more /etc/aliases

Examine the aliases file for any utilized directories or paths:

# ls -lL <directory or file path>

Check the owner for any paths referenced. Check if the file or parent directory is owned by root. 

If the file or parent directory is not owned by "root", this is a finding.

Fix Text

Edit the "/etc/aliases" file (alternatively, /usr/lib/sendmail.cf). Locate the entries executing a program. They will appear similar to the following line:

Aliasname: : /usr/local/bin/ls (or some other program name)

Ensure "root" owns the programs and the directory(ies) they reside in by using the chown command to change owner to "root":

# chown root <file or directory name>