6.2.10 Ensure no users have .netrc files

Information

Thenetrc file contains data for logging into a remote host for file transfers via FTP.

Thenetrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought overnetrc files from other systems which could pose a risk to those systems.

Solution

Making global modifications to users' files without alerting the user community can result in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring policy be established to report usernetrc files and determine the action to be taken in accordance with site policy.

See Also

https://workbench.cisecurity.org/files/3682

Item Details

Category: CONFIGURATION MANAGEMENT, MAINTENANCE

References: 800-53|CM-7, 800-53|MA-4, CSCv7|16.4

Plugin: Unix

Control ID: f55cf2e13e8a0209cc9f907367b437c9a7769ecc1a803d1ee4ed6b70d51c813d