The SMTP service HELP command must not be enabled on AIX.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215417 | AIX7-00-003122 | SV-215417r991589_rule | Medium |
| Description |
| The HELP command should be disabled to mask version information. The version of the SMTP service software could be used by attackers to target vulnerabilities present in specific software versions. |
| STIG | Date |
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 |
Details
| Check Text (C-16615r294702_chk) |
| Run the following command to get the "HELP" file location: # grep "^O HelpFile" /etc/mail/sendmail.cf The above command should yield the following output: O HelpFile=/etc/mail/helpfile If the above command does not yield any output, this is not a finding. The "HELP" file should be referenced by the "HelpFile" option. Check to see if the "HELP" file exists: # ls <helpfile_path> If the "HELP" file exists, this is a finding. |
| Fix Text (F-16613r294703_fix) |
| To disable the SMTP service HELP command remove the HELP file using command: # rm <helpfile_path> |