mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
43 lines
1.6 KiB
YAML
43 lines
1.6 KiB
YAML
id: message-access-server
|
|
|
|
info:
|
|
name: Ensure Message Access Server Service is Not Installed
|
|
author: Th3l0newolf
|
|
severity: info
|
|
description: |
|
|
The dovecot-imapd package provides the Dovecot IMAP server, which allows users to remotely access email stored on the system. If not explicitly required, having this service installed unnecessarily increases the system's attack surface and could expose it to potential remote exploits. To maintain a secure system, IMAP services should only be installed and enabled when there is a clear business requirement.
|
|
remediation: |
|
|
- Ensure the `slapd` package is not installed unless explicitly required.
|
|
- To remove the package, run: sudo apt-get remove slapd -y
|
|
reference:
|
|
- https://www.cisecurity.org/benchmark/ubuntu_linux
|
|
metadata:
|
|
verified: true
|
|
tags: cis,local,cisecurity,audit,linux,ubuntu
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- bash
|
|
|
|
args:
|
|
- "-c"
|
|
- |
|
|
if dpkg-query -s dovecot-imapd &>/dev/null; then
|
|
echo "[message-access-server-check:Policy-Fail] [dovecot-imapd is installed] [CIS_FAIL]"
|
|
else
|
|
echo "[message-access-server-check:Policy-Pass] [dovecot-imapd is not installed] [CIS_PASS]"
|
|
fi
|
|
|
|
matchers:
|
|
- type: word
|
|
name: policy-pass
|
|
words:
|
|
- "Policy-Pass"
|
|
|
|
- type: word
|
|
name: policy-fail
|
|
words:
|
|
- "Policy-Fail"
|
|
# digest: 4a0a00473045022100872017f5f8005a6556592b1ae6736a0bfca00d3a127dfdf01e9f2e5a955638d502204fc22979eee455173e7bb24f6cdcee46165063e16f761d501f0f9f5e0cde79cd:922c64590222798bb761d5b6d8e72950 |