STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups.

DISA Rule

SV-226560r603265_rule

Vulnerability Number

V-226560

Group Title

SRG-OS-000480

Rule Version

GEN001980

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files and remove entries containing a plus (+).

Check Contents

Check system configuration files for plus (+) entries.

Procedure:
# find / -name .rhosts -exec grep + {} \;

# find / -name .shosts -exec grep + {} \;

# find / -name hosts.equiv -exec grep + {} \;

# find / -name shosts.equiv -exec grep + {} \;


# grep + /etc/passwd
# grep + /etc/shadow
# grep + /etc/group

If the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files contain a plus (+) and do not define entries for NIS+ netgroups, this is a finding.

Vulnerability Number

V-226560

Documentable

False

Rule Version

GEN001980

Severity Override Guidance

Check system configuration files for plus (+) entries.

Procedure:
# find / -name .rhosts -exec grep + {} \;

# find / -name .shosts -exec grep + {} \;

# find / -name hosts.equiv -exec grep + {} \;

# find / -name shosts.equiv -exec grep + {} \;


# grep + /etc/passwd
# grep + /etc/shadow
# grep + /etc/group

If the .rhosts, .shosts, hosts.equiv, shosts.equiv, /etc/passwd, /etc/shadow, and/or /etc/group files contain a plus (+) and do not define entries for NIS+ netgroups, this is a finding.

Check Content Reference

M

Target Key

4060

Comments