Check: RHEL-09-252075
RHEL 9 STIG:
RHEL-09-252075
(in versions v1 r3 through v1 r1)
Title
There must be no .shosts files on RHEL 9. (Cat I impact)
Discussion
The .shosts files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
Check Content
Verify there are no ".shosts" files on RHEL 9 with the following command: $ sudo find / -name .shosts If a ".shosts" file is found, this is a finding.
Fix Text
Remove any found ".shosts" files from the system. $ sudo rm /[path]/[to]/[file]/.shosts
Additional Identifiers
Rule ID: SV-257956r925855_rule
Vulnerability ID: V-257956
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |