Check: OL6-00-000019
Oracle Linux 6 STIG:
OL6-00-000019
(in versions v2 r7 through v1 r9)
Title
There must be no .rhosts or hosts.equiv files on the system. (Cat I impact)
Discussion
Trust files are convenient, but when used in conjunction with the R-services, they can allow unauthenticated access to a system.
Check Content
The existence of the file "/etc/hosts.equiv" or a file named ".rhosts" inside a user home directory indicates the presence of an Rsh trust relationship. If these files exist, this is a finding.
Fix Text
The files "/etc/hosts.equiv" and "~/.rhosts" (in each user's home directory) list remote hosts and users that are trusted by the local system when using the rshd daemon. To remove these files, run the following command to delete them from any location. # rm /etc/hosts.equiv $ rm ~/.rhosts
Additional Identifiers
Rule ID: SV-219547r793804_rule
Vulnerability ID: V-219547
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-001436 |
The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |