STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

There must be no .netrc files on the system.

DISA Rule

SV-209049r603263_rule

Vulnerability Number

V-209049

Group Title

SRG-OS-000073

Rule Version

OL6-00-000347

Severity

CAT II

CCI(s)

CCI-000196 - The information system, for password-based authentication, stores only cryptographically-protected passwords.

Weight

Fix Recommendation

The ".netrc" files contain login information used to auto-login into FTP servers and reside in the user's home directory. These files may contain unencrypted passwords to remote FTP servers making them susceptible to access by unauthorized users and should not be used. Any ".netrc" files should be removed.

Check Contents

To check the system for the existence of any ".netrc" files, run the following command:

$ sudo find /root /home -xdev -name .netrc

If any .netrc files exist, this is a finding.

Vulnerability Number

V-209049

Documentable

False

Rule Version

OL6-00-000347

Severity Override Guidance

To check the system for the existence of any ".netrc" files, run the following command:

$ sudo find /root /home -xdev -name .netrc

If any .netrc files exist, this is a finding.

Check Content Reference

Target Key

2928

There must be no .netrc files on the system.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments