9.19 Check for Presence of User .netrc Files

Information

The .netrc file contains data for logging into a remote host for file transfers via FTP.

The .netrc file presents a significant security risk since it stores passwords in
unencrypted form.

Solution

Correct or justify any items discovered in the Audit step. Determine if any .netrc files
exist, and work with the owner to determine the best course of action in accordance with
site policy.

See Also

https://workbench.cisecurity.org/files/616

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(7), CSCv6|9.1

Plugin: Unix

Control ID: 8302c5927c4385cdff8c2640508d9fd52d98ceeedb3dca6fec73add00b9707b4