Checking sendmail.cf file at boot time

Joe joe at tmsusa.com
Sat Jul 26 17:52:40 UTC 2003


Robert L Cochran wrote:

>In an earlier posting I made on the Shrike list, I mentioned it is a
>good idea to turn off mail relaying in sendmail. Someone responded that
>the default sendmail implementation from Red Hat only listens for
>connections on the local host, anyhow, so in effect why bother? 
>
>The best answer to that is that a substitute sendmail.cf file could be
>inserted into the system maliciously at some point. You should not just
>assume that sendmail is running with the actual Red Hat defaults, in
>other words. 
>
This is theoretically true - but if an attacker has somehow gotten a 
root shell on your box, you have much, much bigger problems than mail 
relaying! Finding out how that happened, and taking measures to stop it 
from happening again are the key.

<snip security checks>

The procedures you list would be considered paranoid by some, but others 
would say that paranoia is the key to security. But if you're going to 
be paranoid, be consistent though - why focus solely on sendmail? There 
are thousands of things you will need to check daily or hourly, and 
sendmail is one of the smaller issues. Hacked kernels, kernel modules, 
hacked utilities that mask an intruder's presence (rootkits), hacked 
libs, hacked network layer, identity theft, malicious users, denial of 
service attacks, warez sites on your server, physical security, etc, etc.

But on balance, a reasonably up to date Red Hat box with sensible 
security measures is going to be one very tough nut to crack, for any 
hacker without physical access. Anything is possible, but the 
probability of a sensibly managed Red Hat box getting hacked is quite low.

Joe





