10.5 Create symlinks for dangerous files - /.shosts

Information

The /.rhosts, /.shosts, and /etc/hosts.equiv files enable a weak form of access control. Attackers will often target these files as part of their exploit scripts. By linking these files to /dev/null, any data that an attacker writes to these files is simply discarded (though an astute attacker can still remove the link prior to writing their malicious data).

Solution

Perform the following to implement the recommended state:
# for file in /.rhosts /.shosts /etc/hosts.equiv; do
rm -f $file
ln -s /dev/null $file
done

See Also

https://workbench.cisecurity.org/files/614