From b7b132721e166d9809e081e4c082a9e843b2d345 Mon Sep 17 00:00:00 2001
From: Simon Biewald <simon@fam-biewald.de>
Date: Sat, 20 Jun 2020 17:08:56 +0200
Subject: check permissions of files used by rsh

The old rsh (remote shell) grants access to users and hosts in the files
/etc/hosts.equiv and ~/r(login|hosts). If attackers can write to those
files, he can logon as a different user or even root (in case of roots
.r(login|hosts) only) to the system. While the rsh daemon usually checks
for non-root owners or write permissions, this may not be the case on
any system.

Those files might affect other services as well (rlogin, rcp, ...).

As hostnames and usernames are not verified securely, the use of rsh and
similar commands discouraged. It may still be in use on legacy systems
even today, so it should be secured as much as possible if not possible
to remove/replace.
---
 default.prf | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'default.prf')

diff --git a/default.prf b/default.prf
index 6ff3eac2..7f1a6899 100644
--- a/default.prf
+++ b/default.prf
@@ -303,6 +303,9 @@ permfile=/etc/motd:rw-r--r--:root:root:WARN:
 permfile=/etc/passwd:rw-r--r--:root:-:WARN:
 permfile=/etc/passwd-:rw-r--r--:root:-:WARN:
 permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN:
+permfile=/etc/hosts.equiv:rw-r--r--:root:root:WARN:
+permfile=/root/.rhosts:rw-------:root:root:WARN:
+permfile=/root/.rlogin:rw-------:root:root:WARN:
 
 # These permissions differ by OS
 #permfile=/etc/gshadow:---------:root:-:WARN:
-- 
cgit v1.2.3