Disabling rhosts authentication

Although most current Linux distributions no longer come configured for this type of authentication, a few older systems may still be vulnerable. First and foremost, make sure that your inetd.conf file does not include support for the rlogin daemon. The command

[ramon]$ grep rlogin /etc/inetd.conf

should not return any active (uncommented) line. If you do have rlogin enabled, simply delete (or comment out) the offending line and restart the inetd daemon. The r series of remote access commands (rsh, rlogin, rcp) are riddled with security holes and should not be used.

In addition, look for the /etc/hosts.equiv file, or an .rhosts file in any home directory. If there is one, remove or rename it immediately. If this file contains a host name definition (or IP address), users on that host will be able to rlogin to your server without being prompted for a password if you accidentally leave rlogin running. This is the ultimate vulnerability, and it's the main reason why the r commands should never be used.

Use the following command as the root user to periodically weed out all .rhosts files from users' home directories:

[ramon]$ sudo find /home -name ".rhosts" -exec rm {} \;
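The checks above can be combined into one read-only audit. This is an added example, not part of the original article. It goes beyond the plain grep by ignoring commented-out inetd.conf lines, matching the rsh and rexec daemons as well, and flagging "+" wildcard entries in trust files. The AUDIT_ROOT prefix, the function names, the inclusion of /root and the daemon names in.rlogind/in.rshd/in.rexecd are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit for r-command exposure. Nothing is deleted.
# AUDIT_ROOT is a hypothetical prefix so the checks can run on a test tree.

# Active (uncommented) inetd.conf lines that start an r-service daemon.
active_r_services() {
    [ -f "$1" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$1" | grep -E 'r(login|sh|exec)d' || true
}

# Trust files: hosts.equiv plus any .rhosts under /home and /root.
trust_files() {
    if [ -f "$1/etc/hosts.equiv" ]; then echo "$1/etc/hosts.equiv"; fi
    find "$1/home" "$1/root" -type f -name .rhosts 2>/dev/null || true
}

# Lines granting wildcard trust: a bare "+" in the host or user field.
wildcard_entries() {
    grep -En '(^|[[:space:]])\+([[:space:]]|$)' "$1" || true
}

# Print one finding per line; prints nothing on a clean system.
audit() {
    active_r_services "$1/etc/inetd.conf" | while IFS= read -r line; do
        echo "ACTIVE-SERVICE: $line"
    done
    trust_files "$1" | while IFS= read -r f; do
        echo "TRUST-FILE: $f"
        wildcard_entries "$f" | while IFS= read -r w; do
            echo "WILDCARD: $f:$w"
        done
    done
}

# With AUDIT_ROOT unset this inspects the live system.
audit "${AUDIT_ROOT:-}"
```

Run it as root so that every home directory is readable; each WILDCARD line carries the file path and line number of the entry.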
