From 5cd33746a0a0a7fc85c888c12215749117a661e0 Mon Sep 17 00:00:00 2001
From: Simon Biewald <simon@fam-biewald.de>
Date: Sat, 20 Jun 2020 17:45:34 +0200
Subject: add (Open)SSH equivalents to rhost files

SSH also supports host based authentication. In contrast to the totally
insecure rsh, the hostnames are checked cryptographically. The
authorization checks are still done with the same syntax as with rsh.
In addition to the old rhosts/rlogin (and eqviv) file, SSH adds the
slogin file. This must not be writable as well, as attackers could
elevate their privileges.
---
 default.prf | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'default.prf')

diff --git a/default.prf b/default.prf
index 7f1a6899..26e10fc0 100644
--- a/default.prf
+++ b/default.prf
@@ -304,8 +304,10 @@ permfile=/etc/passwd:rw-r--r--:root:-:WARN:
 permfile=/etc/passwd-:rw-r--r--:root:-:WARN:
 permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN:
 permfile=/etc/hosts.equiv:rw-r--r--:root:root:WARN:
+permfile=/etc/shosts.equiv:rw-r--r--:root:root:WARN:
 permfile=/root/.rhosts:rw-------:root:root:WARN:
 permfile=/root/.rlogin:rw-------:root:root:WARN:
+permfile=/root/.shosts:rw-------:root:root:WARN:
 
 # These permissions differ by OS
 #permfile=/etc/gshadow:---------:root:-:WARN:
-- 
cgit v1.2.3