Profile Applicability:
• Level 1
Description:
Message Access Server services (such as IMAP and POP3 servers) provide access to email messages over the network. If these services are not required, they should be disabled to reduce the attack surface and prevent unauthorized access to mail data.
Rationale:
Disabling unused message access services minimizes security risks associated with network-based email protocols and unauthorized data access.
Impact:
Pros:
Reduces exposure to email-related attacks and vulnerabilities.
Limits unnecessary network services running on the system.
Cons:
Disabling these services may disrupt legitimate email access if they are in use.
Default Value:
Message access services may be enabled or running by default on some systems.
Pre-requisites:
Root or sudo privileges to manage system services.
Remediation:
Test Plan:
Using Linux command line:
1. Check if message access services are enabled:
systemctl is-enabled dovecot
systemctl is-enabled courier-imap
systemctl is-enabled courier-pop
2. Check if message access services are running:
systemctl status dovecot
systemctl status courier-imap
systemctl status courier-pop
Implementation Plan:
Using Linux command line:
1. Disable message access services:
systemctl disable dovecot
systemctl disable courier-imap
systemctl disable courier-pop
2. Stop running message access services:
systemctl stop dovecot
systemctl stop courier-imap
systemctl stop courier-pop
3. Verify services are disabled and stopped:
systemctl is-enabled dovecot
systemctl is-enabled courier-imap
systemctl is-enabled courier-pop
systemctl status dovecot
systemctl status courier-imap
systemctl status courier-pop
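The enabled and running checks from the test plan and the verification step, combined into one audit script. This is an added example, not part of the benchmark text. The function names and the PASS/FAIL verdict strings are assumptions of this example; a unit fails when is-enabled reports an enabled state or is-active reports a running state.

```shell
#!/bin/sh
# Added example: audit the three units named in this control.
# classify_state is pure (no systemctl call) so it can be checked offline.

UNITS="dovecot courier-imap courier-pop"

# classify_state ENABLED_STATE ACTIVE_STATE -> prints PASS or FAIL:<reason>
classify_state() {
    case "$2" in
        # A disabled unit that is still running has not been remediated.
        active|activating|reloading) echo "FAIL:running"; return 0 ;;
    esac
    case "$1" in
        enabled|enabled-runtime) echo "FAIL:enabled"; return 0 ;;
    esac
    # disabled, masked, not-found and similar states with no running process
    echo "PASS"
}

# audit_unit UNIT -> prints "UNIT enabled=<state> active=<state> <verdict>"
audit_unit() {
    # Some systemd versions print nothing on stdout for a unit that is not
    # installed; empty output is treated as not-found / inactive.
    en=$(systemctl is-enabled "$1" 2>/dev/null | head -n 1)
    ac=$(systemctl is-active "$1" 2>/dev/null | head -n 1)
    en=${en:-not-found}
    ac=${ac:-inactive}
    echo "$1 enabled=$en active=$ac $(classify_state "$en" "$ac")"
}

# audit_all -> 0 if every unit passes, 1 if any fails, 2 if systemctl is absent
audit_all() {
    command -v systemctl >/dev/null 2>&1 || {
        echo "systemctl not found; cannot audit" >&2
        return 2
    }
    rc=0
    for u in $UNITS; do
        line=$(audit_unit "$u")
        echo "$line"
        case "$line" in *FAIL*) rc=1 ;; esac
    done
    return $rc
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_all
fi
```

Run it with --run after the implementation steps; a non-zero exit status means at least one unit is still enabled or running, or that systemctl was not available.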
Backout Plan:
Using Linux command line:
1. Enable and start message access services if required:
systemctl enable dovecot
systemctl start dovecot
systemctl enable courier-imap
systemctl start courier-imap
systemctl enable courier-pop
systemctl start courier-pop
2. Verify service status.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
Systemd Service Management