4.4.3 Removal of entries from /etc/hosts.equiv

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

This process removes all entries from the /etc/hosts.equiv file.

Rationale:

The /etc/hosts.equiv file can be used to circumvent normal login or change control procedures. The existence of this file, with the relevant entries, can allow remote user access to a system, bypassing local user and password authentication. Unless required, all entries will be removed from this file.

Solution

Remove all entries from the /etc/hosts.equiv file:

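# Delete blank lines and comment out every uncommented entry
sed '/^[[:space:]]*$/d; s/^\([[:space:]]*[^#].*\)/#\1/' /etc/hosts.equiv > /etc/hosts.equiv.work
mv /etc/hosts.equiv.work /etc/hosts.equiv
# Restore ownership and permissions
chown root:system /etc/hosts.equiv
chmod 644 /etc/hosts.equiv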

Note: the sed command above removes blank lines and comments out any uncommented entries.
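
A way to check the result before and after remediation, as an added example that is not part of the benchmark: the functions below list active entries, report pass or fail, and apply the Solution's sed expression (written with POSIX [[:space:]]) to a file given as an argument. The function names, the sample host names and the make_sample helper are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of the benchmark. Each function takes the file path
# as an argument so it can be tried on a copy before /etc/hosts.equiv.

# Print every active entry (neither blank nor a comment) as "lineno:text".
active_entries() {
    [ -f "$1" ] || return 0          # a missing file grants no trust
    grep -n -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || [ $? -eq 1 ]
}

# Audit: return 0 when the file has no active entries, 1 otherwise.
audit_hosts_equiv() {
    found=$(active_entries "$1")
    if [ -z "$found" ]; then
        echo "PASS: no active entries in $1"
        return 0
    fi
    echo "FAIL: active entries in $1:"
    printf '%s\n' "$found" | sed 's/^/  /'
    # A "+" in the host field matches any remote host.
    if printf '%s\n' "$found" | grep -q '^[0-9]*:[[:space:]]*[+]'; then
        echo "  note: wildcard (+) host entry present"
    fi
    return 1
}

# Remediation step from the Solution section: delete blank lines and comment
# out every line that is not already a comment. Setting ownership
# (chown root:system) needs root and is left to the caller.
remediate_hosts_equiv() {
    work="$1.work"
    sed '/^[[:space:]]*$/d; s/^\([[:space:]]*[^#].*\)/#\1/' "$1" > "$work" &&
        mv "$work" "$1" &&
        chmod 644 "$1"
}

# Constructed sample content for trying the functions on a scratch file.
make_sample() {
    printf '%s\n' '# trusted hosts' '' 'buildhost.example.com' \
        '  dbhost.example.com oracle' '+' '   # indented comment' > "$1"
}
```

Run audit_hosts_equiv /etc/hosts.equiv to check a live system; the exit status is 0 only when no active entries remain.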

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069