Table of Contents

6.2.11 Ensure no users have .forward files (Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation 

Description

The .forward file specifies an email address to forward the user's mail to.

Rationale

Use of the .forward file poses a security risk in that sensitive data may be inadvertently transferred outside the organization. The .forward file also poses a risk as it can be used to execute commands that may perform unintended actions.

Audit

Run the following script and verify no results are returned:

#!/bin/bash 
for dir in `cat /etc/passwd |\ awk -F: '{ print $6 }'`; do
  if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then
    echo ".forward file $dir/.forward exists" 
  fi 
done

Remediation

Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user .forward files and determine the action to be taken in accordance with site policy.