9.20 Check for Presence of User .netrc Files

Information

The .netrc file contains data for logging into a remote host for file transfers via FTP.

The .netrc file presents a significant security risk since it stores passwords in unencrypted form.

Solution

Correct or justify any items discovered in the Audit step. Determine if any .netrc files exist, and work with the owner to determine the best course of action in accordance with site policy.

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(7), CSCv6|9.1

Plugin: Unix

Control ID: 57bc6aebf290f11ba701257ec10edbf6351bb92a88b9562cd9877aa4645f3352