Ensure no users have .rhosts fileID: oval:org.secpod.oval:def:68713 | Date: (C)2021-01-31 (M)2023-12-20 |
Class: COMPLIANCE | Family: unix |
While no .rhosts files are shipped by default, users can easily create them.
Rationale:
This action is only meaningful if .rhosts support is permitted in the file /etc/pam.conf . Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf , they may have been brought over from other systems and could contain information useful to an attacker for those other systems.