6.2.11 Ensure no users have .forward files (Scored) [SecScan]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.

======6.2.11 Ensure no users have .forward files (Scored)======
=====Profile Applicability=====  
<code>
Level 1 - Server
Level 1 - Workstation 
</code>

=====Description=====
The ''.forward'' file specifies an email address to forward the user's mail to.

=====Rationale=====
Use of the ''.forward'' file poses a security risk in that sensitive data may be inadvertently transferred outside the organization. The ''.forward'' file also poses a risk as it can be used to execute commands that may perform unintended actions.

=====Audit===== 
Run the following script and verify no results are returned:
<Code:bash>
#!/bin/bash 
for dir in `cat /etc/passwd |\ awk -F: '{ print $6 }'`; do
  if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then
    echo ".forward file $dir/.forward exists" 
  fi 
done
</Code>

=====Remediation=====
Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user ''.forward'' files and determine the action to be taken in accordance with site policy.