Detections
Analytics
ESXI-06-000012 - The SSH daemon must ignore .rhosts files.
Information
SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.Solution
SSH can emulate the behavior of the obsolete rsh command in allowing users to enable insecure access to their accounts via '.rhosts' files.Add or correct the following line in '/etc/ssh/sshd_config':
IgnoreRhosts yes
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip
Item Details
Audit Name: DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix
Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION
References: 800-53|AC-14, 800-53|IA-5, CAT|II, CCI|CCI-000767, Group-ID|V-63193, Rule-ID|SV-77683r1_rule, STIG-ID|ESXI-06-000012, Vuln-ID|V-63193
Plugin: Unix
Control ID: 15557ad367567643363e4ad4928cd70443b61f769f9a284634a80ea2535ea998