ansible-hardening configures postfix to listen everywhere if MTA not present
Bug #1856040 reported by
Duncan Martin Walker
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack-Ansible |
New
|
Undecided
|
Unassigned |
Bug Description
If I run the openstack ansible-hardening role with RHEL7stig on a machine with no MTA installed, the package install of aide-common installs and configures postfix as a default dependency. When configured in noninteractive mode, postfix includes an open socket such that it listens on all interfaces:
> netstat -plant
> Proto Recv-Q Send-Q LocalAddress Foreign Address State Program Name
> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN master
To post a comment you must log in.