STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system.

DISA Rule

SV-227689r603266_rule

Vulnerability Number

V-227689

Group Title

SRG-OS-000480

Rule Version

GEN002040

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove the .rhosts, .shosts, hosts.equiv, and/or shosts.equiv files.

Check Contents

Check for the existence of the files. The .rhosts and .shosts files are stored in home directories. (If a user does not have a home directory assigned in /etc/passwd, the root directory (/) is assigned as a default home directory.)

Procedure (the first command is five lines long):
# for homedir in `cut -d: -f6 /etc/passwd | awk '$1 == "" {$1 = "/"} {print $1}'`;
do
ls -l $homedir/.rhosts;
ls -l $homedir/.shosts;
done
# ls -l /etc/hosts.equiv
# ls -l /etc/ssh/shosts.equiv

If .rhosts, .shosts, hosts.equiv, or shosts.equiv are found, this is a finding.

Vulnerability Number

V-227689

Documentable

False

Rule Version

GEN002040

Severity Override Guidance

Check for the existence of the files. The .rhosts and .shosts files are stored in home directories. (If a user does not have a home directory assigned in /etc/passwd, the root directory (/) is assigned as a default home directory.)

Procedure (the first command is five lines long):
# for homedir in `cut -d: -f6 /etc/passwd | awk '$1 == "" {$1 = "/"} {print $1}'`;
do
ls -l $homedir/.rhosts;
ls -l $homedir/.shosts;
done
# ls -l /etc/hosts.equiv
# ls -l /etc/ssh/shosts.equiv

If .rhosts, .shosts, hosts.equiv, or shosts.equiv are found, this is a finding.

Check Content Reference

M

Target Key

4061

Comments