4.4.3 Removal of entries from /etc/hosts.equiv

Information

This process removes all entries from the /etc/hosts.equiv file.

Rationale:

The /etc/hosts.equiv file can be used to circumvent normal login or change control procedures. The existence of this file, with the relevant entries, can allow remote users to access a system, bypassing local user and password authentication. Unless required, all entries will be removed from this file.

Solution

Remove all entries from the /etc/hosts.equiv file:

sed '/^[[:space:]]*$/d; s/^\([[:space:]]*[^#].*\)/#\1/' /etc/hosts.equiv > /etc/hosts.equiv.work
mv /etc/hosts.equiv.work /etc/hosts.equiv
chown root:system /etc/hosts.equiv
chmod 644 /etc/hosts.equiv

Note: the above command removes blank lines and comments out any uncommented entries.
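
The following is an added example, not benchmark text: it pairs an audit check (list and count active entries) with the same comment-out transformation as the sed step above, and replaces the file only if sed succeeds. The function names and the sample file contents are hypothetical and constructed for illustration; ownership is left to the chown root:system step above.

```shell
#!/bin/sh
# Added example, not benchmark text. Function names and sample data are hypothetical.

# Print each active (non-blank, non-comment) line, prefixed with its line number.
active_entries() {
    file=${1:-/etc/hosts.equiv}
    [ -f "$file" ] || return 0      # no file means no trust entries
    grep -n -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$file" || true
}

# Number of active entries; 0 means the file passes the check.
count_active() {
    active_entries "$1" | wc -l | tr -d ' '
}

# Delete blank lines and comment out active entries (the page's sed step),
# replacing the original only if sed succeeded.
disable_entries() {
    file=${1:-/etc/hosts.equiv}
    [ -f "$file" ] || return 0
    tmp="$file.work.$$"
    if sed -e '/^[[:space:]]*$/d' -e 's/^\([[:space:]]*[^#].*\)/#\1/' "$file" > "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Demo on a constructed sample file; nothing under /etc is touched.
demo="${TMPDIR:-/tmp}/hosts.equiv.demo.$$"
printf '# trusted hosts\n\nhostA\n+ +\n  hostB alice\n' > "$demo"
echo "before: $(count_active "$demo") active entries"
active_entries "$demo"
disable_entries "$demo"
echo "after:  $(count_active "$demo") active entries"
rm -f "$demo"
```

Running disable_entries a second time leaves the file unchanged, so the check and the fix can be scheduled together.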

Default Value:

N/A

See Also

https://workbench.cisecurity.org/benchmarks/13069

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 6199e733a89c8df1775275a1fa8137bfb913d53d514cd5e678520baab524651c