Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The .rhosts file must not be supported in AIX PAM.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-91741 | AIX7-00-003139 | SV-101839r1_rule | Medium |
| Description |
|---|
| .rhosts files are used to specify a list of hosts permitted remote access to a particular account without authenticating. The use of such a mechanism defeats strong identification and authentication requirements. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2019-04-29 |
Details
| Check Text ( C-90895r1_chk ) |
|---|
| Check the PAM configuration for "rhosts_auth" using command: # grep rhosts_auth /etc/pam.conf |grep -v \# If a "rhosts_auth" entry is found, this is a finding. |
| Fix Text (F-97939r1_fix) |
|---|
| Edit "/etc/pam.conf" and remove the reference(s) to the "rhosts_auth" module. |