This file is indexed.

/usr/sbin/checkrhosts is in rsh-server 0.17-17.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
#!/usr/bin/perl
#
# checkrhosts: a utility to check the .rhosts files of all users
#
# Copyright (C) 1995 Peter Tobias <tobias@et-inf.fho-emden.de>
#
#    checkrhosts is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published
#    by the Free Software Foundation; either version 2 of the License,
#    or (at your option) any later version.
#
#    checkrhosts is distributed in the hope that it will be useful, but
#    WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#    General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with checkrhosts; if not, write to the Free Software Foundation,
#    Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#

$version = "1.0";

die "You must be root to run this script.\n" if ($> != 0);


# strip directory from the filename
$0 =~ s#.*/##;

$found = 0;
@skipuser = ("nobody");

setpwent;
user: while(@list = getpwent) {
	($login, $uid, $gid, $home) = @list[0,2,3,7];

	foreach (@skipuser) {
		next user if ( $_ eq $login);
	}

	if (($home ne "") and (-R "$home/.rhosts")) {
		&check_rhosts;
	}
}
&display_info if ($found != 0);
endpwent;

###############################################################################

sub check_rhosts {
	my(@rhentry);
	undef $netgroups;
	undef %holes;
	undef $host;
	open(RHOSTS, "$home/.rhosts") || die "$0: can't open $home/.rhosts\n";
	while (<RHOSTS>) {
		next if (/^#/);
		@rhentry = split(' ');
		if (/^[ \t]*\+@/) { 
			$rhentry[0] =~ s/^\+//;
			$netgroups=$netgroups . $rhentry[0] . " ";
		}
		elsif ($#rhentry > 0) {
			$host=$rhentry[0];
			shift(@rhentry);
			while ( $#rhentry >= 0 ) {
				if ( $rhentry[0] ne $login )  {
					$holes{$host}=$holes{$host} . $rhentry[0] . " ";
				}
				shift(@rhentry);
			}
     		}
    	}
    	close(RHOSTS);
	($fmode, $fuid, $fgid, $fsize) = (stat("$home/.rhosts"))[2,4,5,7];
	&display_result;
}

sub display_result {
	my($prefix);
	$prefix = "[$login]";
	if ($fmode & 077) {
		&foundp;
		printf("%-10s: File is either group or world readable/writable\n", $prefix);
	}
	if ($uid != $fuid) {
		&foundp;
		printf("%-10s: UID ($uid) and File UID ($fuid) are not equal\n", $prefix);
	}
	if (($gid != $fgid) and (!&in_etcgroup)) {
		&foundp;
		printf("%-10s: GID ($gid) and File GID ($fgid) are not equal\n", $prefix);
	}
	if (($login eq "ftp") and ($fsize !=0)) {
		&foundp;
		printf("%-10s: The .rhosts file of the user \"ftp\" should be empty!\n", $prefix);
	}
	if ($netgroups ne "") {
		&foundp;
		printf("%-10s: All users in the following netgroups can login without a password:\n", $prefix);
		printf("%-10s: --> %s\n", $prefix, $netgroups);
	}

	for ( keys %holes )  {
		&foundp;
		printf("%-10s: The following users at \"%s\" can login without a password:\n", $prefix, $_);
		printf("%-10s: --> %s\n", $prefix, $holes{$_});
	}
	if ($foundp) {
		$found++;
		print "-" x 79 . "\n";
	}
	undef $foundp
}

sub display_info {
	print <<EOF;


Number of insecure .rhosts files: $found


Description of the problems:
----------------------------

Problem 1: * File is either group or world readable/writable
           Every user can look at the .rhosts file to find out which users
           can login without a password. If the file is writable they could
           even change it (e.g. add their own name to it)!
Solution : Change the permissions with \"chmod go-rw .rhosts\".


Problem 2: * UID (X) and File UID (Y) are not equal
           The UID of the user and the UID of the .rhosts file are not the
           same. The owner of the .rhosts file could change it (e.g. add
           other names to it)!
Solution : Change the owner of the .rhosts file with \"chown <user> .rhosts\".
           You can also rename the file and create a new one.


Problem 3: * GID (X) and File GID (Y) are not equal
           The file does not belong to a group the user is in. Other users
           could read, change or delete the .rhosts file depending on the
           group permissions.
Solution : Change the group of the .rhosts file with \"chgrp <group> .rhosts\".
           You can also rename the file and create a new one.


Problem 4: * The .rhosts file of the user \"ftp\" should be empty!
           For security reasons the .rhosts file of the user \"ftp\" should
           not contain any entries.
Solution : Remove all entries from the .rhosts file.


Problem 5: * All users in the following netgroups can login without a password
           Each user in the netgroup can login without a password. The listed
           netgroup should be checked for unwanted users.
Solution : Remove unwanted netgroups from the .rhosts file.


Problem 6: * The following users at <hostname> can login without a password
           These entries should be checked carefully. Only trusted users
           should be allowed to login without a password from host <hostname>.
Solution : Remove unwanted users from the .rhosts file.


EOF
}

sub in_etcgroup {
	setgrent;
	while(@gr_list = getgrent) {
		($gr_gid,$gr_members) = @gr_list[2,3];
		push(@gidlist, $gr_gid) if ($gr_members =~ /$login/);
	}
	endgrent;
	foreach (@gidlist) {
		return(1) if ($_ == $fgid);
	}
}

sub foundp {
	$foundp++;
	if (($found == 0) and ($foundp == 1)) {
		print "\n\nList of users with insecure .rhosts files\n";
		print "-" x 41 . "\n\n";
		print "User:       Problem:\n";
		print "-" x 79 . "\n";
	}
}