add (Open)SSH equivalents to rhost files

SSH also supports host-based authentication. In contrast to the totally
insecure rsh, the hostnames are checked cryptographically. The
authorization checks are still done with the same syntax as with rsh.
In addition to the old rhosts/rlogin (and equiv) file, SSH adds the
slogin file. This must not be writable as well, as attackers could
elevate their privileges.
Simon Biewald 2020-06-20 17:45:34 +02:00
parent b7b132721e
commit 5cd33746a0
No known key found for this signature in database
GPG Key ID: DAD5F452603F1344
1 changed files with 2 additions and 0 deletions

@ -304,8 +304,10 @@ permfile=/etc/passwd:rw-r--r--:root:-:WARN:
permfile=/etc/passwd-:rw-r--r--:root:-:WARN:
permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN:
permfile=/etc/hosts.equiv:rw-r--r--:root:root:WARN:
permfile=/etc/shosts.equiv:rw-r--r--:root:root:WARN:
permfile=/root/.rhosts:rw-------:root:root:WARN:
permfile=/root/.rlogin:rw-------:root:root:WARN:
permfile=/root/.shosts:rw-------:root:root:WARN:
# These permissions differ by OS
#permfile=/etc/gshadow:---------:root:-:WARN:
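
Review bot: the two SSH entries in this hunk are /etc/shosts.equiv and /root/.shosts, but the commit message calls the new file "slogin"; the message should name shosts so it matches the paths actually checked. The per-user check also covers only /root/.shosts, mirroring /root/.rhosts above it, so a writable .shosts in any other account's home directory goes unreported. If that is intentional, a short comment above these permfile lines stating that only root's files are audited would make the scope clear. It would also help to note in a comment that these files normally do not exist and only matter when host-based authentication is enabled in sshd_config.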