[WHAT] What is .RHOSTS?

Now I'm reading a book about securing Linux.

One question it raises: what is .rhosts?

At first glance it seems simple. But it is not simple, and it is very important: hackers could use it to attack our system.

That is why I will explain it in this article:

On (*)NIX, the "rhosts" mechanism allows one system to trust another system. This means that if a user logs onto one (*)NIX system, they can further log onto any other system that trusts it.

Only certain programs will use this file:

rsh: tells the system to open a remote "shell" and run the specified program.
rlogin: creates an interactive Telnet session on the other computer.

Key points:

1. A common backdoor is to place the entry "++" in the rhosts file. This tells the system to trust everybody.

2. The file simply contains a list of named hosts or IP addresses. Sometimes the hacker can forge DNS information in order to convince the victim that he has the same name as a trusted system. Alternatively, a hacker can sometimes spoof the IP address of a trusted system.


You should not have any .rhosts files on your systems. If the command below returns nothing, then you are safe: your system contains no .rhosts file in the /home directory at this time.

You can locate all existing .rhosts files on your system with the following command:
[root@r0039 /]# find /home -name .rhosts


Additionally, you can use a cron job to periodically check for, report the contents of, and delete $HOME/.rhosts files. Users should also be made aware that you regularly perform this type of audit, as directed by your security policy.

Create the rhosts.cron file (/etc/cron.daily/rhosts.cron) and add the following lines to the script file.

#!/bin/bash
# Mail root the paths of any .rhosts files found under /home
/usr/bin/find /home -name .rhosts | /bin/mail -s "Hello babe, content of .rhost file audit report" root


Now make this script executable, verify the owner, and change the group to "root":

[root@r0039 /]# chmod 550 /etc/cron.daily/rhosts.cron
[root@r0039 /]# chown 0:0 /etc/cron.daily/rhosts.cron

Each day, mail will be sent to "root" with the subject "Hello babe, content of .rhost file audit report", listing any potential new .rhosts files.
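
A fuller version of the audit, added here as an example and not taken from the original article or the book: it lists each .rhosts file with its owner and mode and flags entries that trust everybody. The function names audit_rhosts and rhosts_wildcards and the FOUND/WILDCARD labels are made up for this example.

```sh
#!/bin/sh
# Added example: audit .rhosts files under a directory tree (default /home).
# Function names and the FOUND/WILDCARD labels are made up for this example.

# Print each active entry of one .rhosts file that trusts everybody.
# The article writes the entry as "++"; in the file format the host and user
# fields are separated by whitespace, so "+ +" and a lone "+" are matched too.
rhosts_wildcards() {
    awk '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        $1 == "+" || $2 == "+" || $1 == "++" { print "WILDCARD " FILENAME ": " $0 }
    ' "$1"
}

# Report every .rhosts file under $1 with owner and mode (ls -ld), then its
# wildcard entries. Returns 0 when the tree is clean, 1 when a file exists.
# Paths containing newlines are not handled.
audit_rhosts() {
    root=${1:-/home}
    list=$(find "$root" -name .rhosts 2>/dev/null || true)
    if [ -z "$list" ]; then
        echo "no .rhosts files under $root"
        return 0
    fi
    printf '%s\n' "$list" | while IFS= read -r f; do
        echo "FOUND $(ls -ld "$f")"
        # Only parse regular files; a symlink or directory is just listed.
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            rhosts_wildcards "$f"
        fi
    done
    return 1
}
```

Call audit_rhosts from the cron script and pipe its output to /bin/mail in the same way as the script above.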




Thank you for reading this article. Please leave a comment if you are interested.
Tiến Phan - R0039
Knowledge is Endless
Sharing for Success
