Uninstall Sendmail Package
An XCCDF Rule
Description
Sendmail is not the default mail transfer agent and is not installed by default. The sendmail package can be removed with the following command:
$ sudo yum erase sendmail
Rationale
The sendmail software was not developed with security in mind and its design prevents it from being effectively contained by SELinux. Postfix should be used instead.
- ID: xccdf_org.ssgproject.content_rule_package_sendmail_removed
- Severity: Medium
- References
- Updated
Remediation - Anaconda Pre-Install Instructions
package --remove=sendmail
Remediation - Ansible
- name: Ensure sendmail is removed
  package:
    name: sendmail
    state: absent
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
Remediation - Puppet
include remove_sendmail

class remove_sendmail {
  package { 'sendmail':
    ensure => 'purged',
  }
}
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
# CAUTION: This remediation script will remove sendmail
# from the system, and may remove any packages
# that depend on sendmail. Execute this