Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-11988 | GEN002040 | SV-45167r1_rule | High |
Description |
---|
The .rhosts, .shosts, hosts.equiv, and shosts.equiv files are used to configure host-based authentication for individual users or the system. Host-based authentication is not sufficient for preventing unauthorized access to the system. |
STIG | Date |
---|---|
SUSE Linux Enterprise Server v11 for System z | 2016-12-20 |
Check Text ( C-42511r1_chk ) |
---|
Check for the existence of the files. # find / -name .rhosts # find / -name .shosts # find / -name hosts.equiv # find / -name shosts.equiv If .rhosts, .shosts, hosts.equiv, or shosts.equiv are found and their use has not been documented and approved by the IAO, this is a finding. |
Fix Text (F-38564r1_fix) |
---|
Remove all the r-commands access control files. Procedure: # find / -name .rhosts -exec rm {} \; # find / -name .shosts -exec rm {} \; # find / -name hosts.equiv -exec rm {} \; # find / -name shosts.equiv -exec rm {} \; |