Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-216357 | SOL-11.1-040390 | SV-216357r603267_rule | Medium |
Description |
---|
The use of .rhosts authentication is an insecure protocol and can be replaced with public-key authentication using Secure Shell. As automatic authentication settings in the .rhosts files can provide a malicious user with sensitive system credentials, the use of .rhosts files should be disabled. |
STIG | Date |
---|---|
Solaris 11 SPARC Security Technical Implementation Guide | 2024-02-02 |
Check Text ( C-17593r371159_chk ) |
---|
Note: This is the location for Solaris 11.1. For earlier versions, the information is in /etc/pam.conf. Determine if host-based authentication services are enabled. # grep 'pam_rhosts_auth.so.1' /etc/pam.conf /etc/pam.d/*| grep -vc '^#' If the returned result is not 0 (zero), this is a finding. |
Fix Text (F-17591r371160_fix) |
---|
Note: This is the location for Solaris 11.1. For earlier versions, the information is in /etc/pam.conf. The root role is required. # ls -l /etc/pam.d to identify the various configuration files used by PAM. Search each file for the pam_rhosts_auth.so.1 entry. # grep pam_rhosts_auth.so.1 [filename] Identify the file with the line pam_hosts_auth.so.1 in it. # pfedit [filename] Insert a comment character (#) at the beginning of the line containing "pam_hosts_auth.so.1". |