The .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups.


Overview

Finding ID: V-11987
Version: GEN001980
Rule ID: SV-63581r1_rule
IA Controls:
Severity: Medium
Description
A plus (+) in system accounts files causes the system to look up the specified entry using NIS. If the system is not using NIS, no such entries should exist.
STIG: Oracle Linux 5 Security Technical Implementation Guide
Date: 2020-02-25

Details

Check Text (C-52237r2_chk)
Check system configuration files for plus (+) entries.

Procedure:
# find / -name .rhosts
# grep + /<directorylocation>/.rhosts

# find / -name .shosts
# grep + /<directorylocation>/.shosts

# find / -name hosts.equiv
# grep + /<directorylocation>/hosts.equiv

# find / -name shosts.equiv
# grep + /<directorylocation>/shosts.equiv

# grep + /etc/passwd
# grep + /etc/shadow
# grep + /etc/group

If the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files contain a plus (+) and do not define entries for NIS+ netgroups, this is a finding.
Fix Text (F-54185r1_fix)
Edit the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files and remove entries containing a plus (+).
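
The check procedure above, combined into one script, as an added example that is not part of the STIG text. It assumes netgroup entries are written in the `+@netgroup` form and reports every other line containing a plus for manual review; the function name `audit_plus_entries` and its optional root-directory argument are made up for this example.

```shell
#!/bin/sh
# Added example (not STIG text): audit the GEN001980 files for plus entries.
# Assumption: a netgroup reference is written "+@name"; every other "+" is
# reported for review, as "file:line:text".

# audit_plus_entries [ROOT]
# ROOT defaults to /; pass a mounted image or test tree to scan that instead.
# Returns 0 when nothing is reported and 1 when at least one line is.
audit_plus_entries() {
    root=${1:-/}
    hits=$(
        {
            # r-command trust files can sit in any home directory or in /etc.
            find "$root" -type f \( -name .rhosts -o -name .shosts \
                -o -name hosts.equiv -o -name shosts.equiv \) -print \
                2>/dev/null || true
            for f in passwd shadow group; do
                if [ -f "${root%/}/etc/$f" ]; then
                    printf '%s\n' "${root%/}/etc/$f"
                fi
            done
        } | while IFS= read -r file; do
            # Match "+" followed by anything but "@", or "+" at end of line.
            # /dev/null as a second operand makes grep print the file name.
            grep -nE '\+([^@]|$)' "$file" /dev/null 2>/dev/null || true
        done
    )
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Run the audit when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_plus_entries "$1"
fi
```

Run it as root so that /etc/shadow and every home directory are readable; a non-zero exit status means at least one line needs review against the finding criteria.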