V-216421

Discussion

Even though the .rhosts files are ineffective if support is disabled in /etc/pam.conf, they may have been brought over from other systems and could contain information useful to an attacker for those other systems.

Check Content

The root role is required.

Check for the presence of .rhosts files.

# for dir in \
`logins -ox | awk -F: '($8 == "PS") { print $6 }'`; do
find ${dir}/.rhosts -type f -ls 2>/dev/null
done

If output is produced, this is a finding.