From b7b132721e166d9809e081e4c082a9e843b2d345 Mon Sep 17 00:00:00 2001 From: Simon Biewald Date: Sat, 20 Jun 2020 17:08:56 +0200 Subject: check permissions of files used by rsh The old rsh (remote shell) grants access to users and hosts in the files /etc/hosts.equiv and ~/r(login|hosts). If attackers can write to those files, he can logon as a different user or even root (in case of roots .r(login|hosts) only) to the system. While the rsh daemon usually checks for non-root owners or write permissions, this may not be the case on any system. Those files might affect other services as well (rlogin, rcp, ...). As hostnames and usernames are not verified securely, the use of rsh and similar commands discouraged. It may still be in use on legacy systems even today, so it should be secured as much as possible if not possible to remove/replace. --- default.prf | 3 +++ 1 file changed, 3 insertions(+) (limited to 'default.prf') diff --git a/default.prf b/default.prf index 6ff3eac2..7f1a6899 100644 --- a/default.prf +++ b/default.prf @@ -303,6 +303,9 @@ permfile=/etc/motd:rw-r--r--:root:root:WARN: permfile=/etc/passwd:rw-r--r--:root:-:WARN: permfile=/etc/passwd-:rw-r--r--:root:-:WARN: permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN: +permfile=/etc/hosts.equiv:rw-r--r--:root:root:WARN: +permfile=/root/.rhosts:rw-------:root:root:WARN: +permfile=/root/.rlogin:rw-------:root:root:WARN: # These permissions differ by OS #permfile=/etc/gshadow:---------:root:-:WARN: -- cgit v1.2.3 From 5cd33746a0a0a7fc85c888c12215749117a661e0 Mon Sep 17 00:00:00 2001 From: Simon Biewald Date: Sat, 20 Jun 2020 17:45:34 +0200 Subject: add (Open)SSH equivalents to rhost files SSH also supports host based authentication. In contrast to the totally insecure rsh, the hostnames are checked cryptographically. The authorization checks are still done with the same syntax as with rsh. In addition to the old rhosts/rlogin (and eqviv) file, SSH adds the slogin file. This must not be writable as well, as attackers could elevate their privileges. --- default.prf | 2 ++ 1 file changed, 2 insertions(+) (limited to 'default.prf') diff --git a/default.prf b/default.prf index 7f1a6899..26e10fc0 100644 --- a/default.prf +++ b/default.prf @@ -304,8 +304,10 @@ permfile=/etc/passwd:rw-r--r--:root:-:WARN: permfile=/etc/passwd-:rw-r--r--:root:-:WARN: permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN: permfile=/etc/hosts.equiv:rw-r--r--:root:root:WARN: +permfile=/etc/shosts.equiv:rw-r--r--:root:root:WARN: permfile=/root/.rhosts:rw-------:root:root:WARN: permfile=/root/.rlogin:rw-------:root:root:WARN: +permfile=/root/.shosts:rw-------:root:root:WARN: # These permissions differ by OS #permfile=/etc/gshadow:---------:root:-:WARN: -- cgit v1.2.3