CCE-99427-7Platform: cpe:/o:amazon:linux:2 | Date: (C)2023-03-07 (M)2023-07-14 |
Description:
The .rhosts file specifies an email address to forward the users mail to.
Rationale:
Use of this file is only meaningful if .rhosts support is permitted in the file /etc/pam.conf .
Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf , they
may have been brought over from other systems and could contain information useful to
an attacker for those other systems.
Audit:
Run the following script and verify no results are returned:
#!/bin/bash
grep -E -v ^(root|halt|sync|shutdown) /etc/passwd | awk -F: ($7 !=
""$(which nologin)"" && $7 != "/bin/false") { print $1 " " $6 } | while
read user dir; do
if [ ! -d "$dir" ]; then
echo "The home directory ($dir) of user $user does not exist."
else
if [ ! -h "$dir/.d" -a -f "$dir/.rhosts" ]; then
echo ".rhosts file $dir/.rhosts exists"
fi
fi
done
Remediation:
Making global modifications to users' files without alerting the user community can result
in unexpected outages and unhappy users. Therefore, it is recommended that a monitoring
policy be established to report user .rhosts files and determine the action to be taken in
accordance with site policy.
Notes:
On some distributions the /sbin/nologin should be replaced with /usr/sbin/nologin.
Parameter:
[yes/no]
Technical Mechanism:
Making global modifications to users files without alerting the user community can result
in unexpected outages and unhappy users.Therefore, it is recommended that a monitoring
policy be established to report user .forward files and determine the action to be taken in
accordance with site policy.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 9.4 | Attack Vector: NETWORK |
Exploit Score: 3.9 | Attack Complexity: LOW |
Impact Score: 5.5 | Privileges Required: NONE |
Severity: CRITICAL | User Interaction: NONE |
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:87846 |