Remote-only accounts (UNIX)

Module: Account Integrity

This check examines login shells and passwords to identify and report user accounts that do have disabling passwords but do not have disabling shells and non-empty .rhosts files in their home directories. Such accounts can be accessed by remote login commands such as rsh, rlogin, rfcp, and rcp. Use the check's name list to exclude or include accounts for the check.

The following table lists the error message for the check.

Table: Error message for Remote-only accounts

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information


Category: ESM Administrative Information

UNIX (5141)

Title: Account is disabled but available remotely

Description:Passwords for the named accounts have been disabled, but users can still access the accounts using remote login commands such as rcp, remsh, or rlogin. This requires that the host and user account names match entries in the hosts.equiv file and that a .rhosts file is located in the user's home directory and owned by the user. You should remove the .rhosts file from the user account's home directory and change the account's login shell to a disabling login shell such as /bin/false.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]