Tutorial - remote shell on the Internet
Remote shell on the Internet
Summary
Remote shell/remote login access may be possible.
Impact
The machine advertises rsh or rlogin as available services. SARA cannot
determine if there are vulnerable accounts that can be accessed.
The problem
When the remote login/remote shell service trusts other hosts and/or users on the
network, a malicious user could possibly gain access. However, SARA
cannot verify that any vulnerability exists.
Fix
Review any .rhosts files and the /etc/hosts.equiv file to ensure they do not
grant excessive trust. Excessive trust includes entries that use the "+"
wildcard character.
Delete or disable any accounts without a password from the system or
NIS password file.
Other tips
- Give system accounts such as bin and daemon a
non-functional shell (such as /bin/false) and put them in
the /etc/ftpusers file so they cannot use ftp.
- See the Admin Guide to Cracking for an example of why this is a problem.
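The review steps in the Fix and Other tips sections can be scripted. The following is an added example (not part of SARA or this tutorial) that flags "+" wildcard entries in hosts.equiv/.rhosts-style files, lists accounts whose password field is empty, and lists system accounts that still have a functional shell; the file contents are constructed sample data, and the uid range below 100 and the /bin/false shell are assumptions for the illustration.

```shell
#!/bin/sh
# Added example, not part of SARA: script the review steps above against
# constructed sample files. On a real system, point the functions at
# /etc/hosts.equiv, each user's ~/.rhosts and /etc/passwd (or the NIS map).
set -e

# Constructed hosts.equiv-style sample; lines are "[+]host [+|user]".
TRUST_FILE=$(mktemp)
cat > "$TRUST_FILE" <<'EOF'
# specific host and specific user: acceptable
build.example.com operator
+
fileserver.example.com +
EOF

# Constructed passwd-style sample; field 2 is the password field.
PASSWD_FILE=$(mktemp)
cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/bin/false
daemon:x:2:2:daemon:/sbin:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
EOF
trap 'rm -f "$TRUST_FILE" "$PASSWD_FILE"' EXIT

# Entries where the host field or the user field is the "+" wildcard,
# i.e. any host or any user is trusted.
find_wildcard_trust() {
    awk '/^[ \t]*#/ { next }
         NF > 0 && ($1 == "+" || $2 == "+") { print FILENAME ": " $0 }' "$1"
}

# Accounts whose password field is empty (no password required to log in).
find_passwordless_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# System accounts (assumed uid below 100, excluding root) that still have
# a functional login shell instead of a non-functional one like /bin/false.
find_system_accounts_with_shell() {
    awk -F: '$3 > 0 && $3 < 100 && $7 != "/bin/false" { print $1 " " $7 }' "$1"
}

echo "Wildcard trust entries:";       find_wildcard_trust "$TRUST_FILE"
echo "Accounts with empty password:"; find_passwordless_accounts "$PASSWD_FILE"
echo "System accounts with a shell:"; find_system_accounts_with_shell "$PASSWD_FILE"
```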