STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

All .rhosts, .shosts, or hosts.equiv files must only contain trusted host-user pairs.

DISA Rule

SV-226562r603265_rule

Vulnerability Number

V-226562

Group Title

SRG-OS-000480

Rule Version

GEN002020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If possible, remove the .rhosts, .shosts, hosts.equiv, and shosts.equiv files. If the files are required, remove any content from the files except for necessary host-user pairs.

Check Contents

Locate and examine all .rhosts, .shosts, hosts.equiv, and shosts.equiv files. The .rhosts and .shosts files are stored in home directories. (If a user does not have a home directory assigned in /etc/passwd, the root directory (/) is assigned as a default home directory.)

Procedure:
# for i in `cut -d: -f6 /etc/passwd | awk '$1 == "" {$1 = "/"} {print $1}'`; do more $i/.rhosts; more $i/.shosts; done
# more /etc/hosts.equiv
# more /etc/ssh/shosts.equiv

If any .rhosts, .shosts, hosts.equiv, or shosts.equiv file contains other than host-user pairs, this is a finding.
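The check above, automated as an added example (not DISA or STIGQter code). It assumes a POSIX shell, awk and mktemp, and it reads the rule strictly: only a plain two-field "host user" line passes, so comments, host-only lines and +, - or @ entries are all reported for review. The function names and sample host names are hypothetical.

```shell
#!/bin/sh
# Added example (not DISA or STIGQter code). Strict reading of the check: a
# line passes only if it is exactly "host user" with no +, - or @ syntax.

# audit_equiv_file FILE: print each line that is not a plain host-user pair.
# Returns 0 when the file is absent or clean, 1 when there are findings.
audit_equiv_file() {
    file=$1; lineno=0; findings=0
    [ -f "$file" ] || return 0
    while read -r host user extra || [ -n "$host" ]; do
        lineno=$((lineno + 1))
        [ -n "$host" ] || continue                       # blank line
        reason=
        [ -n "$user" ]  || reason='host with no user'
        [ -z "$extra" ] || reason='more than two fields'
        case "$host" in \#*) reason='comment or free text' ;; esac
        for field in "$host" "$user"; do
            case "$field" in
                [+-]@*) reason='netgroup entry' ;;
                [+-]*)  reason='+/- wildcard or negation' ;;
            esac
        done
        if [ -n "$reason" ]; then
            findings=$((findings + 1))
            printf '%s:%s: %s: %s\n' "$file" "$lineno" "$reason" \
                "$host${user:+ $user}${extra:+ $extra}"
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# audit_homes PASSWD: check .rhosts and .shosts in every home directory in a
# passwd-format file; an empty home field means "/", as the check describes.
audit_homes() {
    rc=0
    for home in $(awk -F: '{ print ($6 == "" ? "/" : $6) }' "$1" | sort -u); do
        audit_equiv_file "$home/.rhosts" || rc=1
        audit_equiv_file "$home/.shosts" || rc=1
    done
    return $rc
}

# Constructed sample (not from a real system): one compliant line, four findings.
sample=$(mktemp)
printf '%s\n' 'adminhost.example.mil jsmith' '+ +' 'buildhost' \
    '+@trusted_hosts jsmith' 'dbhost oracle extra' > "$sample"
audit_equiv_file "$sample" || echo "finding: file contains other than host-user pairs"
rm -f "$sample"
```

On a live system, run audit_homes /etc/passwd, then audit_equiv_file on /etc/hosts.equiv and /etc/ssh/shosts.equiv; any output is a candidate finding to review by hand.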

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4060

Comments