id: message-access-server

info:
  name: Ensure Message Access Server Service is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The dovecot-imapd package provides the Dovecot IMAP server, which allows users to remotely access email stored on the system.
    If not explicitly required, having this service installed unnecessarily increases the system's attack surface and could expose it to potential remote exploits.
    To maintain a secure system, IMAP services should only be installed and enabled when there is a clear business requirement.
  remediation: |
    - Ensure the `slapd` package is not installed unless explicitly required.
    - To remove the package, run:
      sudo apt-get remove slapd -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu

self-contained: true

code:
  - engine:
      - bash
    args:
      - "-c"
      - |
        if dpkg-query -s dovecot-imapd &>/dev/null; then
          echo "[message-access-server-check:Policy-Fail] [dovecot-imapd is installed] [CIS_FAIL]"
        else
          echo "[message-access-server-check:Policy-Pass] [dovecot-imapd is not installed] [CIS_PASS]"
        fi
    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4a0a00473045022100872017f5f8005a6556592b1ae6736a0bfca00d3a127dfdf01e9f2e5a955638d502204fc22979eee455173e7bb24f6cdcee46165063e16f761d501f0f9f5e0cde79cd:922c64590222798bb761d5b6d8e72950