Uninstall Sendmail Package
An XCCDF Rule
Description
Sendmail is not the default mail transfer agent and is not installed by default. The sendmail package can be removed with the following command:
$ sudo yum erase sendmail
Rationale
The sendmail software was not developed with security in mind and its design prevents it from being effectively contained by SELinux. Postfix should be used instead.
- ID: xccdf_org.ssgproject.content_rule_package_sendmail_removed
- Severity: Medium
- References
- Updated
Remediation Templates
A Puppet Snippet
include remove_sendmail
class remove_sendmail {
  package { 'sendmail':
    ensure => 'purged',
  }
}
An Ansible Snippet
- name: Ensure sendmail is removed
  package:
    name: sendmail
    state: absent
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
script:kickstart
package remove sendmail
script:bootc
dnf remove sendmail
Anaconda Pre-Install Instructions
package --remove=sendmail
A Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
# CAUTION: This remediation script will remove sendmail
# from the system, and may remove any packages
# that depend on sendmail. Execute this
# remediation AFTER testing on a non-production