Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The .rhosts file must not be supported in PAM.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11989 | GEN002100 | SV-38264r1_rule | ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| .rhosts files are used to specify a list of hosts permitted remote access to a particular account without authenticating. The use of such a mechanism defeats strong identification and authentication requirements. |
| STIG | Date |
|---|---|
| HP-UX 11.23 Security Technical Implementation Guide | 2015-06-12 |
Details
| Check Text ( C-36422r1_chk ) |
|---|
| # cat /etc/pam.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | grep "^rcomds" | egrep "auth|account" | egrep "libpam_unix|libpam_hpsec" NOTE: The entries in /etc/pam.conf Authentication and Account management sections should be configured as follows: # Authentication management rcomds auth required libpam_hpsec.so.1 rcomds auth required libpam_unix.so.1 # Account management rcomds account required libpam_hpsec.so.1 rcomds account required libpam_unix.so.1 The remsh and rexec services use the above entries as configuration information for authenticating users. Adding these entries in the /etc/pam.conf file informs rexec and remsh to use the standard UNIX authentication mechanism to authenticate the users, including the inspection of the .rhosts file. |
| Fix Text (F-31761r1_fix) |
|---|
| Edit /etc/pam.conf and comment/remove the "rcomds" line(s). |