6.2.12 Ensure no users have .netrc files

Information

The .netrc file contains data for logging into a remote host for file transfers via FTP.

Rationale:

The .netrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .netrc files from other systems which could pose a risk to those systems.

Solution

Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report user .netrc files and determine the action to be taken in accordance with site policy.

Notes:

On some distributions the /sbin/nologin should be replaced with /usr/sbin/nologin.

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, 800-53|IA-5(1), CSCv7|16.4

Plugin: Unix

Control ID: f30ab25b4c6f725eeb31ff1265b31548af98a7852e0c1b38d8a9e15419adc45d