Skip to content

Configure System to Forward All Mail For The Root Account

An XCCDF Rule

Description

Make sure that mails delivered to root user are forwarded to a monitored email address. Make sure that the address is a valid email address reachable from the system in question. Use the following command to configure the alias:

$ sudo echo "root: " >> /etc/aliases
$ sudo newaliases

Rationale

A number of system services utilize email messages sent to the root user to notify system administrators of active or impending issues. These messages must be forwarded to at least one monitored email address.

ID
xccdf_org.ssgproject.content_rule_postfix_client_configure_mail_alias
Severity
Medium
References
Updated



Remediation - Ansible

- name: XCCDF Value var_postfix_root_mail_alias # promote to variable
  set_fact:
    var_postfix_root_mail_alias: !!str <xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_postfix_root_mail_alias" use="legacy"/>
  tags:
    - always


Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

var_postfix_root_mail_alias='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_var_postfix_root_mail_alias" use="legacy"/>'