A question about .rhosts: what is .rhosts?
At first glance it seems simple. But it is not simple, and it is very important: hackers could use it to attack our system.
That is why I will explain it in this article:
On (*)NIX, the "rhosts" mechanism allows one system to trust another system. This means that if a user logs onto one (*)NIX system, they can further log onto any other system that trusts it.
Only certain programs will use this file:
rsh: tells the system to open a remote "shell" and run the specified program.
rlogin: creates an interactive Telnet session on the other computer.
Key points:
1. A common backdoor is to place the entry "++" in the rhosts file. This tells the system to trust everybody.
2. The file simply contains a list of named hosts or IP addresses. Sometimes the hacker can forge DNS information in order to convince the victim that he has the same name as a trusted system. Alternatively, a hacker can sometimes spoof the IP address of a trusted system.
You should not have any .rhosts files on your systems. If the command below returns nothing, then you are safe and your system contains no .rhosts file in the /home directory at this time.
You can locate all existing .rhosts files on your system with the following command:
[root@r0039 /]# find /home -name .rhosts
Additionally, you can use a cron job to periodically check for, report the contents of, and delete $HOME/.rhosts files. Users should also be made aware that you regularly perform this type of audit, as directed by your security policy.
Create the rhosts.cron file (/etc/cron.daily/rhosts.cron) and add the following lines inside the script file.
#!/bin/bash
# Mail root the path of every .rhosts file found under /home.
/usr/bin/find /home -name .rhosts | /bin/mail -s "Hello babe, content of .rhost file audit report" root
Now make this script executable, verify the owner, and change the group to "root":
[root@r0039 /]# chmod 550 /etc/cron.daily/rhosts.cron
[root@r0039 /]# chown 0:0 /etc/cron.daily/rhosts.cron
Each day, mail will be sent to "root" with the subject "Hello babe, content of .rhost file audit report", listing any potential new .rhosts files.
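The cron script above only lists paths. The following is an added example, not part of the original article, that also reports the owner, mode and entries of each file and flags wildcard "+" entries such as the backdoor in key point 1. The function names, the report layout, the --mail argument and the use of GNU stat are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit .rhosts files and flag wildcard ("+") trust entries.
# Function names and the report layout are this example's own choices.

# Print owner, mode and entries of one .rhosts file, marking wildcard fields.
report_rhosts_file() (
    file=$1
    # stat -c is the GNU coreutils form (assumed: a Linux host).
    echo "FILE $file owner=$(stat -c '%U' "$file") mode=$(stat -c '%a' "$file")"
    # Each entry is "host [user]". The "|| [ -n ... ]" keeps a last line
    # that has no trailing newline.
    while read -r host user rest || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac   # blank line or comment
        flag=ok
        # A leading "+" in either field widens trust ("++", "+ +", "host +").
        case $host in +*) flag=WILDCARD ;; esac
        case $user in +*) flag=WILDCARD ;; esac
        echo "  [$flag] $host${user:+ $user}"
    done < "$file"
)

# Report every regular .rhosts file under the given root (default /home).
# Paths containing newlines are not supported by this line-based loop.
audit_rhosts() {
    find "${1:-/home}" -type f -name .rhosts -print |
    while IFS= read -r path; do
        report_rhosts_file "$path"
    done
}

# Count the wildcard entries in a report read from standard input.
count_wildcards() {
    grep -c '^  \[WILDCARD]' || true
}

# Mail the report only when called with --mail, e.g. from a cron job.
if [ "${1:-}" = "--mail" ]; then
    audit_rhosts /home | /bin/mail -s ".rhosts audit report" root
fi
```

Any line marked [WILDCARD] should be treated as a finding to investigate, not just a file to delete.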
Thank you for reading this article. Please leave a comment if you are interested.
Tiến Phan - R0039
Knowledge is Endless
Sharing for Success