======6.2.11 Ensure no users have .forward files (Scored)======
=====Profile Applicability=====
Level 1 - Server
Level 1 - Workstation
=====Description=====
The ''.forward'' file specifies an email address to forward the user's mail to.
=====Rationale=====
Use of the ''.forward'' file poses a security risk in that sensitive data may be inadvertently transferred outside the organization. The ''.forward'' file also poses a risk as it can be used to execute commands that may perform unintended actions.
=====Audit=====
Run the following script and verify no results are returned:
#!/bin/bash
for dir in `cat /etc/passwd |\ awk -F: '{ print $6 }'`; do
if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then
echo ".forward file $dir/.forward exists"
fi
done
=====Remediation=====
Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user ''.forward'' files and determine the action to be taken in accordance with site policy.