Skip to content

Remove User Host-Based Authentication Files

An XCCDF Rule

Description

The ~/.shosts (in each user's home directory) files list remote hosts and users that are trusted by the local system. To remove these files, run the following command to delete them from any location:

$ sudo find / -name '.shosts' -type f -delete

Rationale

The .shosts files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.

ID
xccdf_org.ssgproject.content_rule_no_user_host_based_files
Severity
High
References
Updated



Remediation - Shell Script


# Identify local mounts
MOUNT_LIST=$(df --local | awk '{ print $6 }')

# Find file on each listed mount point
for cur_mount in ${MOUNT_LIST}

Remediation - Ansible

- name: Remove User Host-Based Authentication Files - Define Excluded (Non-Local)
    File Systems and Paths
  ansible.builtin.set_fact:
    excluded_fstypes:
    - afs
    - ceph