Free DISA STIG and SRG Library | Vaulted
Removed

V-4427

All .rhosts, .shosts, or host.equiv files must only contain trusted host-user pairs.

Finding ID
GEN002020
Rule ID
SV-38438r1_rule
Severity
Cat II
CCE
(None)
Group Title
GEN002020
CCI
CCI-000366
Target Key
(None)
Documentable
No
Discussion

If these files are not properly configured, they could allow access by unknown malicious users from untrusted hosts, who could then compromise the system.

Fix Text

Locate and examine all .rhosts, .shosts, hosts.equiv, and shosts.equiv files.

Procedure:
# find / -name .rhosts
# more /<directorylocation>/.rhosts
# find / -name .shosts
# more /<directorylocation>/.shosts
# find / -name hosts.equiv
# more /<directorylocation>/hosts.equiv
# find / -name shosts.equiv
# more /<directorylocation>/shosts.equiv

If any .rhosts, .shosts, hosts.equiv, or shosts.equiv file contains anything other than host-user pairs, this is a finding.

Check Content

Locate and examine all .rhosts, .shosts, hosts.equiv, and shosts.equiv files.

Procedure:
# find / -name .rhosts
# more /<directorylocation>/.rhosts
# find / -name .shosts
# more /<directorylocation>/.shosts
# find / -name hosts.equiv
# more /<directorylocation>/hosts.equiv
# find / -name shosts.equiv
# more /<directorylocation>/shosts.equiv

If any .rhosts, .shosts, hosts.equiv, or shosts.equiv file contains anything other than host-user pairs, this is a finding.
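
An automated form of the check above, as an added example that is not part of the STIG text: it finds the four file names and reports every entry that is not an explicit host-user pair. The definition of a valid pair (exactly two fields, a plain host name and a plain user name, with blank and # comment lines ignored), the function names and the sample hosts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the STIG text): report entries in rhosts-style
# trust files that are not explicit host-user pairs.

# Print "file:line:reason:text" for each non-conforming entry in one file.
# Assumption: a valid pair is exactly two fields, a plain host name and a
# plain user name; blank lines and "#" comment lines are ignored.
check_trust_file() {
    awk -v f="$1" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            reason = ""
            if ($0 ~ /[+]/)                        reason = "wildcard"
            else if ($1 ~ /^[-@]/ || $2 ~ /^[-@]/) reason = "netgroup-or-negation"
            else if (NF == 1)                      reason = "host-without-user"
            else if (NF > 2)                       reason = "extra-fields"
            else if ($1 !~ /^[A-Za-z0-9][A-Za-z0-9.-]*$/ ||
                     $2 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/) reason = "malformed"
            if (reason != "") printf "%s:%d:%s:%s\n", f, NR, reason, $0
        }
    ' "$1"
}

# Locate the four file names from the procedure under a root (default /)
# and check each regular file found.
scan_trust_files() {
    find "${1:-/}" -type f \( -name .rhosts -o -name .shosts \
        -o -name hosts.equiv -o -name shosts.equiv \) 2>/dev/null |
    while IFS= read -r f; do check_trust_file "$f"; done
}

# Write a constructed sample tree (hosts and users are made up).
make_sample() {
    mkdir -p "$1/home/alice" "$1/etc"
    printf '%s\n' '# constructed sample' 'build01.example.com alice' \
        '+ +' 'build02.example.com' > "$1/home/alice/.rhosts"
    printf '%s\n' 'db01.example.com oracle' '+@admins' \
        '-db02.example.com root' > "$1/etc/hosts.equiv"
}

# Demonstration on the constructed tree; four entries are reported.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_trust_files "$demo_dir"
rm -rf "$demo_dir"
```

Calling scan_trust_files with no argument walks from /, as the find commands in the procedure do; run it as root so unreadable home directories are not skipped.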

Responsibility

System Administrator

IA Controls

ECCD-1, ECCD-2