Navigate

Check: GEN002040

SUSE Linux Enterprise Server v11 for System z STIG: GEN002040 (in versions v1 r12 through v1 r9)

Title

There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system. (Cat I impact)

Discussion

The .rhosts, .shosts, hosts.equiv, and shosts.equiv files are used to configure host-based authentication for individual users or the system. Host-based authentication is not sufficient for preventing unauthorized access to the system.

Check Content

Check for the existence of the files. # find / -name .rhosts # find / -name .shosts # find / -name hosts.equiv # find / -name shosts.equiv If .rhosts, .shosts, hosts.equiv, or shosts.equiv are found and their use has not been documented and approved by the IAO, this is a finding.

Fix Text

Remove all the r-commands access control files. Procedure: # find / -name .rhosts -exec rm {} \; # find / -name .shosts -exec rm {} \; # find / -name hosts.equiv -exec rm {} \; # find / -name shosts.equiv -exec rm {} \;

Additional Identifiers

Rule ID: SV-45167r1_rule

Vulnerability ID: V-11988

Group Title: GEN002040

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings