Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: R* Service and Security Concerns
Top Forums UNIX for Beginners Questions & Answers R* Service and Security Concerns Post 302985703 by rbatte1 on Monday 14th of November 2016 11:09:32 AM
Old 11-14-2016
With a poorly configured set of files, you can open yourself up to unhindered intrusion. Sadly I once inherited an application that relied on the source IP address of a connection be secure and we had all sorts of spaghetti to get the thing to work when someone new joined or worse, someone moved desk, usually without telling us. We did eventually get on top of it, but it was a long, hard slog.

Best plan is to avoid allowing anything that you are not absolutely certain of.

Individual .rhosts files can be useful but they can be abused so auditors do not like them.

What are you trying to achieve? There may be a better way altogether.



Robin
 

2 More Discussions You Might Find Interesting

1. AIX

Unix security -- FTP service????

I would like to ask for you suggestions or comments see if you can help. Since system auditing is under progress and the AIX is the main investigated unit. They are asking to disable the FTP service to enhance the security but I doubt. For daily use, the FTP will help administrator to download... (1 Reply)
Discussion started by: shanemcmahon
1 Replies

2. Linux

RPC Services Security Concerns

Hi there, I am trying to understand the how is it possible to enumerate RPC services and the common RPC services and the most-commonly found RPC vulnerability. (1 Reply)
Discussion started by: alvinoo
1 Replies

LEARN ABOUT FREEBSD

hosts.equiv

HOSTS.EQUIV(5)						      BSD File Formats Manual						    HOSTS.EQUIV(5)

NAME

     hosts.equiv, .rhosts -- trusted remote host and user name data base

DESCRIPTION

     The hosts.equiv and .rhosts files contain information regarding trusted hosts and users on the network.  For each host a single line should
     be present with the following information:

     simple

	   hostname [username]

     or the more verbose

	   [+-][hostname|@netgroup] [[+-][username|@netgroup]]

     A ``@'' indicates a host by netgroup or user by netgroup.	A single ``+'' matches all hosts or users.  A host name with a leading ``-'' will
     reject all matching hosts and all their users.  A user name with leading ``-'' will reject all matching users from matching hosts.

     Items are separated by any number of blanks and/or tab characters.  A ``#'' indicates the beginning of a comment; characters up to the end of
     the line are not interpreted by routines which search the file.

     Host names are specified in the conventional Internet DNS dotted-domains ``.'' (dot) notation using the inet_addr(3) routine from the Inter-
     net address manipulation library, inet(3).  Host names may contain any printable character other than a field delimiter, newline, or comment
     character.

     For security reasons, a user's .rhosts file will be ignored if it is not a regular file, or if it is not owned by the user, or if it is
     writable by anyone other than the user.

FILES

     /etc/hosts.equiv	  The hosts.equiv file resides in /etc.
     $HOME/.rhosts	  .rhosts file resides in $HOME.

EXAMPLES

	   bar.com foo

     Trust user ``foo'' from host ``bar.com''.

	   +@allclient

     Trust all hosts from netgroup ``allclient''.

	   +@allclient -@dau

     Trust all hosts from netgroup ``allclient'' and their users except users from netgroup ``dau''.

SEE ALSO

     rcp(1), rlogin(1), rsh(1), gethostbyname(3), inet(3), innetgr(3), ruserok(3), netgroup(5), ifconfig(8), yp(8)

BUGS

     This manual page is incomplete.  For more information read the source in src/lib/libc/net/rcmd.c or the SunOS manual page.

BSD
								 December 25, 2013							       BSD
All times are GMT -4. The time now is 01:39 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy