STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

All .rhosts, .shosts, or host.equiv files must only contain trusted host-user pairs.

DISA Rule

SV-227688r603266_rule

Vulnerability Number

V-227688

Group Title

SRG-OS-000480

Rule Version

GEN002020

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

If possible, remove the .rhosts, .shosts, hosts.equiv, and shosts.equiv files. If the files are required, remove any content from the files except for necessary host-user pairs.

Check Contents

Locate and examine all .rhosts, .shosts, hosts.equiv, and shosts.equiv files. The .rhosts and .shosts files are stored in home directories. (If a user does not have a home directory assigned in /etc/passwd, the root directory (/) is assigned as a default home directory.)

Procedure:
# for i in `cut -d: -f6 /etc/passwd | awk '$1 == "" {$1 = "/"} {print $1}'`; do more $i/.rhosts; more $i/.shosts; done
# more /etc/hosts.equiv
# more /etc/ssh/shosts.equiv

If any .rhosts, .shosts, hosts.equiv, or shosts.equiv file contains other than host-user pairs, this is a finding.

Vulnerability Number

V-227688

Documentable

False

Rule Version

GEN002020

Severity Override Guidance

Locate and examine all .rhosts, .shosts, hosts.equiv, and shosts.equiv files. The .rhosts and .shosts files are stored in home directories. (If a user does not have a home directory assigned in /etc/passwd, the root directory (/) is assigned as a default home directory.)

Procedure:
# for i in `cut -d: -f6 /etc/passwd | awk '$1 == "" {$1 = "/"} {print $1}'`; do more $i/.rhosts; more $i/.shosts; done
# more /etc/hosts.equiv
# more /etc/ssh/shosts.equiv

If any .rhosts, .shosts, hosts.equiv, or shosts.equiv file contains other than host-user pairs, this is a finding.

Check Content Reference

M

Target Key

4061

Comments