Remote shell access
Summary
Remote shell/remote login access from arbitrary hosts.
Impact
The machine can be taken over by any malicious (super)user on the network.
The problem
When the remote login/remote shell service trusts every host on the network,
a malicious superuser on an arbitrary host can gain access as any user (except
perhaps root). Once inside, the intruder can replace system programs
or configuration files (such as the password file) and take over the machine.
In addition, guest or administrative accounts may exist that have no password
at all, which allows anyone to log in remotely as that user and gain access to
the host.
Fix
Remove the wildcard (+) from the /etc/hosts.equiv file. Be careful with the
use of the -@group netgroup feature, as there are many incorrect
implementations.
Delete or disable any accounts without a password from the system or NIS
password file.
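As an added example (not part of the original page), the following POSIX shell functions check a hosts.equiv-style file for wildcard host entries and a passwd-format file for empty password fields, the two conditions the fix above names. The file paths are arguments and the sample contents are constructed for the demonstration; netgroup entries (+@group) are left for manual review, since the page warns that implementations vary.

```sh
#!/bin/sh
# Audit helper added to this page (not SATAN's own code). It checks the two
# conditions the fix names. File paths are arguments, so on a real host you
# would pass /etc/hosts.equiv, each user's .rhosts, and /etc/passwd or the
# output of "ypcat passwd" for NIS.

# Print every entry whose host field is the wildcard "+": a bare "+" trusts
# every host for every user, "+ name" trusts every host for one user.
# Netgroup entries (+@group) are deliberately not matched; review them by hand.
find_wildcard_trust() {
    grep -v '^#' "$1" | awk '$1 == "+" { print }'
}

# Print the login name of every account whose password field is empty.
find_passwordless_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Constructed sample files so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/hosts.equiv" <<'EOF'
# hosts we trust
fileserver.example.com
+
+ jdoe
+@admins
-@untrusted
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/:/bin/sh
bin:*:2:2:bin:/bin:/bin/false
guest::100:100:Guest account:/home/guest:/bin/sh
admin::101:101:Admin account:/home/admin:/bin/sh
EOF

echo "Wildcard host entries in hosts.equiv:"
find_wildcard_trust "$SAMPLE_DIR/hosts.equiv"
echo "Accounts with no password:"
find_passwordless_accounts "$SAMPLE_DIR/passwd"
```

On the sample data the first check reports the bare "+" and "+ jdoe" lines, and the second reports guest and admin.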
Other tips
- Give system accounts such as bin and daemon a non-functional shell (such as /bin/false) and put them in the /etc/ftpusers file so they cannot use ftp.
- See the Guide to Cracking for an example of why this is a problem.