Host-based authentication for login-based services must be disabled.
An XCCDF Rule
Description
<VulnDiscussion>The use of .rhosts authentication is an insecure protocol and can be replaced with public-key authentication using Secure Shell. As automatic authentication settings in the .rhosts files can provide a malicious user with sensitive system credentials, the use of .rhosts files should be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-216120r959010_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Note: This is the location for Solaris 11.1. For earlier versions, the information is in /etc/pam.conf.
The root role is required.
# ls -l /etc/pam.d
to identify the various configuration files used by PAM.