UCF STIG Viewer Logo

There must be no .netrc files on the system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-913 GEN002000 M6 SV-38002r1_rule ECCD-1 ECCD-2 IAIA-1 IAIA-2 Medium
Description
Unencrypted passwords for remote FTP servers may be stored in .netrc files. Policy requires passwords be encrypted in storage and not used in access scripts.
STIG Date
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft 2013-01-10

Details

Check Text ( C-37581r1_chk )
Open a terminal session and enter the following command to check the system for the existence of any .netrc files.

find / -name .netrc

If any .netrc file exists, this is a finding.
Fix Text (F-32823r1_fix)
To remove the .netrc file(s) enter the following command.


rm .netrc