The .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups or LDAP netgroups.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11987 | GEN001980 | SV-38740r2_rule | Medium |
| Description |
|---|
| A plus (+) in system accounts files causes the system to lookup the specified entry using NIS or LDAP. If the system is not using NIS or LDAP, no such entries should exist. |
| STIG | Date |
|---|---|
| AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2018-09-18 |
Details
| Check Text ( C-37175r2_chk ) |
|---|
| Check system configuration files for plus (+) entries. Procedure: # find / -name .rhosts # cat / # find / -name .shosts # cat / # find / -name hosts.equiv # cat / # find / -name shosts.equiv # cat / # cat /etc/passwd | grep -v "^#" | grep "\+" # cat /etc/security/passwd | grep -v "^#" | grep "\+" # cat /etc/group | grep -v "^#" | grep "\+" If the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files contain a plus (+) and do not define entries for NIS+ netgroups or LDAP netgroups, this is a finding. |
| Fix Text (F-32455r1_fix) |
|---|
| Edit the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/security/passwd, and/or /etc/group files and remove entries containing a plus (+). |