HPE Community
Operating System - HP-UX
1847040 Members
3898 Online
110261 Solutions
New Discussion

Sendmail: Patch & IPF or Remove?

 
SOLVED
Go to solution
Karl Balsmeier
Advisor

‎03-11-2003 04:46 PM

‎03-11-2003 04:46 PM

Sendmail: Patch & IPF or Remove?

Context: I work at a bank, and we get an awful lot of security warnings, the most recent about sendmail.

General Question: Are the latest patches enough to address standard security concerns? I have the option to turn it off completely, as it's not being used, except by the system itself for various messages generated when I do software installs, etc. The systems are devoted to other uses.

Specific Question: If inclined, how would I go about removing sendmail from the system, is it as simple as swremove and clearning out the mail queue? Bonus: Can't a few nifty IPF rules solve this and leave the nicely patched sendmail intact?
"Unix is the Net"
0 Kudos
Reply
2 REPLIES 2
Jeff Schussele
Honored Contributor

‎03-11-2003 04:54 PM

‎03-11-2003 04:54 PM

Solution

Re: Sendmail: Patch & IPF or Remove?

Hi Karl,

No need to remove sendmail, just turn off it's ability to accept mail. That's what this latest exploit was targeting - systems that *accept* mail.
To stop sendmail run

/sbin/init.d/sendmail stop

Then to disable it from starting at next boot edit

/etc/rc.config.d/mailservs

and set

export SENDMAIL_SERVER=0

I doubt IPF rules would stop this exploit. The header was where the danger was & I'm not sure IPF can interrogate the header of mail msgs.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Steven E. Protter
Exalted Contributor

‎03-11-2003 07:57 PM

‎03-11-2003 07:57 PM

Re: Sendmail: Patch & IPF or Remove?

We have faced similar concerns. Our systems use sendmail to route outbound messages from cron to mailboxes that indicate the cron job has succeeded in doing important things like backing up the database.

So sendmail has to run and its possible to direct mail at this exploit with a telnet session.

So we installed the latest sendmail 8.11.1 patch and will be installed the new binaries after making sure the patch didn't do anything bad.

Here is how we keep up on these security issues.

Fist we subscribe to itrc security bulletins, which you apparently already do.

Next we use the following tools to harden security on our system and notify us of security patches.

Bastille Security hardening
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

Perl which the above needs.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=PERL

Security Patch Check
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA

TCP Wrappers

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=TCPWRAP

IDS/9000 (Intrusion Detection Sytstem)

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=J5083AA

Get all these products working you'll be quite secure.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.