Startup file contents (UNIX)

Module: User Files

This check reports accounts that have a .rhosts file or .netrc file. For .rhosts files, the check produces a list of users and systems that are not required to enter a password. For .netrc files, the check produces a list of entries containing passwords. The check's name lists let you exclude users and user groups that are not already excluded by the Users to check option.

The following table lists the error messages for the check.

Table: Error messages for Startup file contents

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_NETRC

Category: System Error

UNIX (5443)

Title: Account has a .netrc file

Description: The named accounts have .netrc files. These files provide a way for unauthorized users to access your system without entering a password. You should remove these files from the accounts. Further protection can be provided by placing a zero-length, root-owned .netrc file with permissions set to 0400 in each account's home directory.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NETRC_PASS

Category: System Error

UNIX (5444)

Title: Netrc file contains password

Description: The account has a .netrc file containing one or more passwords. A privileged user or a user with access to this account can read this file and obtain passwords for accounts on other systems. This can enable unauthorized access to those systems. You should ask the named users to remove all password entries from their .netrc files.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NETRC_PASS_READ

Category: System Error

UNIX (5445)

Title: Passwords in readable .netrc file

Description: The account has a group/world readable .netrc file that contains passwords. Users can read this file and obtain passwords for these accounts. You should set the permissions for the .netrc file to allow only the owner to read and write the file. You should also ask the users to remove all password entries from their .netrc files.

Severity: red-4

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_RHOSTS

Category: System Error

UNIX (5446)

Title: Account has a .rhost file

Description: The named accounts have .rhosts files. These files provide a way for unauthorized users to access your system without entering a password. You should remove these files from the accounts. Further protection can be provided by placing a zero-length, root-owned .rhosts file with permissions set to 0400 in each account's home directory.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_RLOGIN

Category: System Error

UNIX (5447)

Title: Remote user may rlogin/rsh without password

Description: The named accounts have entries in their .rhosts files. These entries allow unauthorized users on remote hosts to access your system without specifying a password. You should carefully review the named accounts and remove any unnecessary entries in the .rhosts files.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_RLOGIN_ANY_HOST

Category: System Error

UNIX (5448)

Title: Account allows rlogins from any host

Description: The named accounts have entries in the .rhosts files that allow rlogins from any host using the remote user name. These entries allow unauthorized users on remote hosts to access your system without specifying a password. You should remove the .rhosts files from these accounts.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_RLOGIN_ANY_USER

Category: System Error

UNIX (5449)

Title: Account allows rlogins by any user

Description: The named accounts have entries in their .rhosts files that allow any users on listed remote systems to access your system. You should remove the .rhosts files from these accounts.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]
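
The content-based conditions in the table above can be reproduced independently when reviewing a finding. The following Python sketch is an added example, not the product's own code: it parses the body of a .rhosts or .netrc file and returns the message String IDs that the descriptions suggest would apply. The function names, the treatment of `#` comments and `-` deny entries, and the choice to report STKU_NETRC_PASS alongside STKU_NETRC_PASS_READ are assumptions; the sample inputs are constructed.

```python
import stat

def audit_rhosts(text):
    """Message IDs (from the table above) raised by a .rhosts body."""
    findings = set()
    for line in text.splitlines():
        fields = line.split()
        # Assumption: blank lines, '#' comments and '-' deny entries grant nothing.
        if not fields or fields[0][0] in "#-":
            continue
        if len(fields) > 1 and fields[1].startswith("-"):
            continue
        findings.add("STKU_RLOGIN")
        if fields[0] == "+":                      # any remote host
            findings.add("STKU_RLOGIN_ANY_HOST")
        if len(fields) > 1 and fields[1] == "+":  # any remote user
            findings.add("STKU_RLOGIN_ANY_USER")
    return findings

def netrc_password_machines(text):
    """Machines whose .netrc entry carries a 'password' token."""
    tokens, in_macro = [], False
    for line in text.splitlines():
        if in_macro:                      # macdef body runs to the next blank line
            in_macro = bool(line.strip())
            continue
        words = line.split()
        if "macdef" in words:
            words, in_macro = words[:words.index("macdef")], True
        tokens.extend(words)
    machines, current, it = [], None, iter(tokens)
    for tok in it:
        if tok == "machine":
            current = next(it, None)
        elif tok == "default":
            current = "default"
        elif tok in ("login", "account"):
            next(it, None)                # skip the value
        elif tok == "password" and next(it, None) is not None:
            machines.append(current)
    return machines

def audit_netrc(text, mode):
    """Message IDs raised by a .netrc body with the given st_mode bits."""
    if not netrc_password_machines(text):
        return set()
    findings = {"STKU_NETRC_PASS"}
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.add("STKU_NETRC_PASS_READ")
    return findings

# Constructed sample inputs, not taken from any real system.
SAMPLE_RHOSTS = "# trusted hosts\nbuild01.example.com alice\n+ bob\nlab.example.com +\n-old.example.com\n"
SAMPLE_NETRC = ("machine ftp.example.com login alice password CONSTRUCTED\n"
                "macdef init\ncd /pub\npassword notreal\n\n"
                "machine mirror.example.com login anonymous\n")
```

The file-presence messages (STKU_NETRC, STKU_RHOSTS) depend only on the file existing in the home directory and are not modelled here.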