There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-11988	GEN002040	SV-40332r1_rule	ECCD-1 ECCD-2	High

Description
The .rhosts, .shosts, hosts.equiv, and shosts.equiv files are used to configure host-based authentication for individual users or the system. Host-based authentication is not sufficient for preventing unauthorized access to the system.

STIG	Date
SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE	2018-04-10

Details

Check Text ( C-39210r1_chk )
Check for the existence of the files. The .rhosts and .shosts files are stored in home directories. (If a user does not have a home directory assigned in /etc/passwd, the root directory (/) is assigned as a default home directory.) Procedure (the first command is five lines long): # for homedir in `cut -d: -f6 /etc/passwd \| awk '$1 == "" {$1 = "/"} {print $1}'`; do ls -l $homedir/.rhosts; ls -l $homedir/.shosts; done # ls -l /etc/hosts.equiv # ls -l /etc/ssh/shosts.equiv If .rhosts, .shosts, hosts.equiv, or shosts.equiv are found, this is a finding.

Check Text ( C-39210r1_chk )

Check for the existence of the files. The .rhosts and .shosts files are stored in home directories. (If a user does not have a home directory assigned in /etc/passwd, the root directory (/) is assigned as a default home directory.)

Procedure (the first command is five lines long):
# for homedir in `cut -d: -f6 /etc/passwd | awk '$1 == "" {$1 = "/"} {print $1}'`;
do
ls -l $homedir/.rhosts;
ls -l $homedir/.shosts;
done
# ls -l /etc/hosts.equiv
# ls -l /etc/ssh/shosts.equiv

If .rhosts, .shosts, hosts.equiv, or shosts.equiv are found, this is a finding.

Fix Text (F-11249r2_fix)
Remove the .rhosts, .shosts, hosts.equiv, and/or shosts.equiv files.