2025-08-19 18:07:27 +05:30
id : message-access-server
2025-06-16 09:31:36 -07:00
info :
name : Ensure Message Access Server Service is Not Installed
author : Th3l0newolf
2025-08-19 16:26:09 +05:30
severity : info
2025-06-16 09:31:36 -07:00
description : |
2025-08-19 16:26:09 +05:30
The dovecot-imapd package provides the Dovecot IMAP server, which allows users to remotely access email stored on the system. If not explicitly required, having this service installed unnecessarily increases the system's attack surface and could expose it to potential remote exploits. To maintain a secure system, IMAP services should only be installed and enabled when there is a clear business requirement.
2025-06-16 09:31:36 -07:00
remediation : |
2025-08-19 16:26:09 +05:30
- Ensure the `slapd` package is not installed unless explicitly required.
- To remove the package, run : sudo apt-get remove slapd -y
2025-06-16 09:31:36 -07:00
reference :
- https://www.cisecurity.org/benchmark/ubuntu_linux
metadata :
verified : true
2025-08-28 23:41:32 +05:30
tags : cis,local,cisecurity,audit,linux,ubuntu
2025-06-16 09:31:36 -07:00
self-contained : true
code :
- engine :
- bash
2025-08-19 16:26:09 +05:30
2025-06-16 09:31:36 -07:00
args :
- "-c"
- |
if dpkg-query -s dovecot-imapd &>/dev/null; then
2025-08-19 16:26:09 +05:30
echo "[message-access-server-check:Policy-Fail] [dovecot-imapd is installed] [CIS_FAIL]"
2025-06-16 09:31:36 -07:00
else
2025-08-19 16:26:09 +05:30
echo "[message-access-server-check:Policy-Pass] [dovecot-imapd is not installed] [CIS_PASS]"
2025-06-16 09:31:36 -07:00
fi
matchers :
- type : word
name : policy-pass
words :
- "Policy-Pass"
- type : word
name : policy-fail
words :
2025-08-21 12:45:03 +00:00
- "Policy-Fail"
2025-08-29 10:06:03 +00:00
# digest: 4a0a00473045022100872017f5f8005a6556592b1ae6736a0bfca00d3a127dfdf01e9f2e5a955638d502204fc22979eee455173e7bb24f6cdcee46165063e16f761d501f0f9f5e0cde79cd:922c64590222798bb761d5b6d8e72950
