The .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups or LDAP netgroups.
From AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE
Part of GEN001980
Associated with:
CCI-000366
SV-38740r2_rule
The .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups or LDAP netgroups.
Vulnerability discussion
A plus (+) in system accounts files causes the system to lookup the specified entry using NIS or LDAP. If the system is not using NIS or LDAP, no such entries should exist.
Check content
Check system configuration files for plus (+) entries.
Procedure:
# find / -name .rhosts
# cat //.rhosts | grep -v "^#" | grep "\+"
# find / -name .shosts
# cat //.shosts | grep -v "^#" | grep "\+"
# find / -name hosts.equiv
# cat //hosts.equiv | grep -v "^#" | grep "\+"
# find / -name shosts.equiv
# cat //shosts.equiv | grep -v "^#" | grep "\+"
# cat /etc/passwd | grep -v "^#" | grep "\+"
# cat /etc/security/passwd | grep -v "^#" | grep "\+"
# cat /etc/group | grep -v "^#" | grep "\+"
If the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files contain a plus (+) and do not define entries for NIS+ netgroups or LDAP netgroups, this is a finding.
Fix text
Edit the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/security/passwd, and/or /etc/group files and remove entries containing a plus (+).
Pro Tips
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer