6.8 Disable Host-based Authentication for Login-based Services - rlogin auth sufficient pam_rhosts_auth.so.1

Information

The .rhosts files are used for automatic login to remote hosts and contain username and
hostname combinations. The .rhosts files are unencrypted (usually group- or world-
readable) and present a serious risk in that a malicious user could use the information
within to gain access to a remote host with the privileges of the original application or user.

The use of .rhosts authentication is an old and insecure protocol and can be replaced with
public-key authentication using Secure Shell. As automatic authentication settings in the
.rhosts files can provide a malicious user with sensitive system credentials, the use of
.rhosts files should be disabled. Note that the Solaris services that use this file, including
rsh and rlogin, are disabled by default.

Solution

Edit /etc/pam.conf and any /etc/pam.d/* files flagged by the audit procedure, and comment out
or remove any pam_rhosts_auth lines:

#rlogin auth sufficient pam_rhosts_auth.so.1
#rsh auth sufficient pam_rhosts_auth.so.1
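The following script is an added example and is not part of the CIS benchmark or the Tenable audit plugin. It performs the audit side of this item (find PAM files that still have an active, uncommented pam_rhosts_auth directive) and the remediation side (comment those lines out, keeping a backup). It assumes a POSIX sh with awk and mktemp, and the file set named above (/etc/pam.conf plus /etc/pam.d/*); the pam.conf fragment inside demo() is constructed for illustration and is not from a real system.

```shell
#!/bin/sh
# Added example (not CIS or Tenable code): audit and remediate pam_rhosts_auth
# directives in PAM configuration files. Assumes POSIX sh with awk and mktemp.

# Print the number of active (uncommented) lines in FILE that load pam_rhosts_auth.
# Lines whose first non-blank character is '#' are already disabled and are skipped.
count_active_rhosts_auth() {
    awk '/^[ \t]*#/ {next} /pam_rhosts_auth/ {n++} END {print n+0}' "$1"
}

# Comment out every active pam_rhosts_auth line in FILE in place.
# A copy of the original is left at FILE.bak so the change can be reviewed or reverted.
disable_rhosts_auth() {
    f="$1"
    cp -p "$f" "$f.bak" || return 1
    # Redirecting over the existing file keeps its ownership and mode.
    awk '/^[ \t]*#/ {print; next}
         /pam_rhosts_auth/ {print "# " $0; next}
         {print}' "$f.bak" > "$f"
}

# Audit the given files (default: /etc/pam.conf and /etc/pam.d/*, as the item names).
# Returns 0 when no active directive is found, 1 otherwise (one FAIL line per file).
audit_pam_rhosts() {
    found=0
    [ $# -eq 0 ] && set -- /etc/pam.conf /etc/pam.d/*
    for f in "$@"; do
        [ -f "$f" ] || continue
        n=$(count_active_rhosts_auth "$f")
        if [ "$n" -gt 0 ]; then
            echo "FAIL: $f has $n active pam_rhosts_auth line(s)"
            found=1
        fi
    done
    [ "$found" -eq 0 ] && echo "PASS: no active pam_rhosts_auth directives"
    return "$found"
}

# Walk through audit -> remediate -> re-audit on a constructed pam.conf fragment.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# Constructed sample of Solaris-style pam.conf entries (not a real system file)
login   auth requisite  pam_authtok_get.so.1
rlogin  auth sufficient pam_rhosts_auth.so.1
rsh     auth sufficient pam_rhosts_auth.so.1
#other  auth sufficient pam_rhosts_auth.so.1
EOF
    audit_pam_rhosts "$tmp"
    disable_rhosts_auth "$tmp"
    audit_pam_rhosts "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

# Run with no arguments to audit the live system; run with --demo for the sample walk-through.
case "${1:-}" in
    --demo) demo ;;
    "")     : ;;   # functions defined; audit_pam_rhosts can be called by a wrapper
    *)      audit_pam_rhosts "$@" ;;
esac
```

The audit only counts uncommented lines, so a file that already carries the commented-out form shown above passes; a line such as `#other auth sufficient pam_rhosts_auth.so.1` is left untouched by the remediation.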

See Also

https://workbench.cisecurity.org/files/616

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-14a., 800-53|IA-5

Plugin: Unix

Control ID: 76a6ffe178451610a805ea2c838875889280d7601b3cc1a02fbf39c21f74d179