Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38491 | RHEL-06-000019 | SV-50292r1_rule | High |
Description |
---|
Trust files are convenient, but when used in conjunction with the R-services, they can allow unauthenticated access to a system. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2016-06-05 |
Check Text ( C-46048r1_chk ) |
---|
The existence of the file "/etc/hosts.equiv" or a file named ".rhosts" inside a user home directory indicates the presence of an Rsh trust relationship. If these files exist, this is a finding. |
Fix Text (F-43438r1_fix) |
---|
The files "/etc/hosts.equiv" and "~/.rhosts" (in each user's home directory) list remote hosts and users that are trusted by the local system when using the rshd daemon. To remove these files, run the following command to delete them from any location. # rm /etc/hosts.equiv $ rm ~/.rhosts |