Guide to the Secure Configuration of Ubuntu 22.04
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Mail Server Software
Mail servers are used to send and receive email over the network. Mail is a very common service, and Mail Transfer Agents (MTAs) are obvious target...Group -
The Postfix package is installed
A mail server is required for sending emails. The <code>postfix</code> package can be installed with the following command: <pre> $ apt-get install...Rule Medium Severity -
Enable Postfix Service
The Postfix mail transfer agent is used for local mail delivery within the system. The default configuration only listens for connections to the de...Rule Unknown Severity -
Ensure Mail Transfer Agent is not Listening on any non-loopback Address
Mail Transfer Agents (MTA), such as sendmail and Postfix, are used to listen for incoming mail and transfer the messages to the appropriate user or...Rule Medium Severity -
Configure SMTP For Mail Clients
This section discusses settings for Postfix in a submission-only e-mail configuration.Group -
Postfix Network Interfaces
The setting for inet_interfaces in /etc/postfix/main.cfValue -
Postfix relayhost
Specify the host all outbound email should be routed into.Value -
Postfix Root Mail Alias
Specify an email address (string) for a root mail alias.Value -
Configure System to Forward All Mail For The Root Account
Make sure that mails delivered to root user are forwarded to a monitored email address. Make sure that the address <xccdf-1.2:sub idref="xccdf_org....Rule Medium Severity -
Configure NFS Clients
The steps in this section are appropriate for systems which operate as NFS clients.Group -
Disable NFS Server Daemons
There is no need to run the NFS server daemons <code>nfs</code> and <code>rpcsvcgssd</code> except on a small number of properly secured systems de...Group -
Configure System to Forward All Mail through a specific host
Set up a relay host that will act as a gateway for all outbound email. Edit the file <code>/etc/postfix/main.cf</code> to ensure that only the foll...Rule Medium Severity -
Disable Postfix Network Listening
Edit the file <code>/etc/postfix/main.cf</code> to ensure that only the following <code>inet_interfaces</code> line appears: <pre>inet_interfaces =...Rule Medium Severity -
Configure Operating System to Protect Mail Server
The guidance in this section is appropriate for any host which is operating as a site MTA, whether the mail server runs using Sendmail, Postfix, or...Group -
Configure SSL Certificates for Use with SMTP AUTH
If SMTP AUTH is to be used, the use of SSL to protect credentials in transit is strongly recommended. There are also configurations for which it ma...Group -
Ensure Security of Postfix SSL Certificate
Create the PKI directory for mail certificates, if it does not already exist: <pre>$ sudo mkdir /etc/pki/tls/mail $ sudo chown root:root /etc/pki/t...Group -
Configure Postfix if Necessary
Postfix stores its configuration files in the directory /etc/postfix by default. The primary configuration file is/etc/postfix/main.cf.Group -
Configure Postfix Resource Usage to Limit Denial of Service Attacks
Edit <code>/etc/postfix/main.cf</code>. Edit the following lines to configure the amount of system resources Postfix can consume: <pre>default_proc...Group -
Control Mail Relaying
Postfix's mail relay controls are implemented with the help of the smtpd recipient restrictions option, which controls the restrictions placed on t...Group -
Enact SMTP Recipient Restrictions
To configure Postfix to restrict addresses to which it will send mail, see: <a href="http://www.postfix.org/SMTPD_ACCESS_README.html#danger">h...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.