OL6-00-000019 - There must be no .rhosts or hosts.equiv files on the system - '~/.rhosts'

Information

Trust files are convenient, but when used in conjunction with the R-services, they can allow unauthenticated access to a system.

Solution

The files '/etc/hosts.equiv' and '~/.rhosts' (in each user's home directory) list remote hosts and users that are trusted by the local system when using the rshd daemon. To remove these files, run the following command to delete them from any location.

# rm /etc/hosts.equiv

$ rm ~/.rhosts

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V2R7_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|I, CCI|CCI-000366, Rule-ID|SV-219547r793804_rule, STIG-ID|OL6-00-000019, STIG-Legacy|SV-64925, STIG-Legacy|V-50719, Vuln-ID|V-219547

Plugin: Unix

Control ID: 6d29ed803a94f965b7657806cf5fb63ca23b652aced0a6d798d4cb4c065c5232