/usr/sbin/checkrhosts is in rsh-server 0.17-17.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/usr/bin/perl
#
# checkrhosts: a utility to check the .rhosts files of all users
#
# Copyright (C) 1995 Peter Tobias <tobias@et-inf.fho-emden.de>
#
# checkrhosts is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation; either version 2 of the License,
# or (at your option) any later version.
#
# checkrhosts is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with checkrhosts; if not, write to the Free Software Foundation,
# Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# Script version; kept as a package global.
$version = "1.0";

# Reading every account's ~/.rhosts needs root privileges.
die "You must be root to run this script.\n" if ($> != 0);

# Use the bare program name in diagnostics.
$0 =~ s{ .* / }{}x;

# Number of .rhosts files that had at least one problem.
$found = 0;

# Accounts whose .rhosts file is never examined.
@skipuser = ("nobody");

setpwent;
USER: while (@list = getpwent) {
    ($login, $uid, $gid, $home) = @list[0, 2, 3, 7];

    # Skip the accounts listed in @skipuser.
    next USER if grep { $_ eq $login } @skipuser;

    # Only accounts with a home directory and a readable .rhosts are checked.
    check_rhosts() if $home ne "" and -R "$home/.rhosts";
}

# The summary is only printed when something was reported.
display_info() if $found != 0;
endpwent;
###############################################################################
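# Parse $home/.rhosts for the account currently in $login and report on it.
#
# Reads the globals $home and $login set by the main loop and fills:
#   $netgroups - space-separated "@netgroup" names granted access
#   %holes     - host => space-separated users (other than $login) that
#                may log in as $login from that host without a password
#   $fmode, $fuid, $fgid, $fsize - stat() fields of the .rhosts file
# Dies if the file cannot be opened.  Ends by calling display_result().
sub check_rhosts {
    my $rhosts = "$home/.rhosts";

    # Reset the per-account results left over from the previous user.
    undef $netgroups;
    undef %holes;
    undef $host;

    # Three-argument open: a home directory containing "|", "<" or ">"
    # must never be interpreted as a pipe or redirection by a root process.
    open(my $fh, '<', $rhosts) or die "$0: can't open $rhosts: $!\n";
    while (my $line = <$fh>) {
        next if $line =~ /^#/;           # comment line
        my @fields = split(' ', $line);  # whitespace-separated, leading blanks dropped
        next unless @fields;             # blank line

        if ($fields[0] =~ /\A\+@/) {
            # "+@netgroup": every member of the netgroup is trusted.
            $fields[0] =~ s/\A\+//;
            $netgroups .= $fields[0] . " ";
        }
        elsif (@fields > 1) {
            # "host user ...": each listed user may log in as $login from
            # host; the account's own name is not counted as a hole.
            $host = shift @fields;
            for my $user (@fields) {
                $holes{$host} .= $user . " " if $user ne $login;
            }
        }
        elsif ($fields[0] eq '+') {
            # A lone "+" trusts the same login name from every host.
            $holes{'+'} .= $login . " ";
        }
    }
    close($fh);

    ($fmode, $fuid, $fgid, $fsize) = (stat($rhosts))[2, 4, 5, 7];
    display_result();
}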
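# Print every problem found for the account in $login, one line each.
#
# Uses the globals filled in by check_rhosts(): $fmode, $fuid, $fgid,
# $fsize, $netgroups and %holes, plus $uid and $gid from the passwd
# entry.  Each problem is preceded by a call to foundp(), which counts
# it in $foundp and prints the report header before the very first one.
# If anything was reported the file is counted in $found and a
# separator line is printed.  $foundp is cleared for the next account.
sub display_result {
    my $prefix = "[$login]";

    # Any group/other permission bit lets other users see (or edit) the
    # list of trusted hosts.
    if ($fmode & 077) {
        foundp();
        printf("%-10s: File is either group or world readable/writable\n", $prefix);
    }
    if ($uid != $fuid) {
        foundp();
        printf("%-10s: UID (%s) and File UID (%s) are not equal\n", $prefix, $uid, $fuid);
    }
    # A foreign group is only a problem when the user is not a member of it.
    if ($gid != $fgid and not in_etcgroup()) {
        foundp();
        printf("%-10s: GID (%s) and File GID (%s) are not equal\n", $prefix, $gid, $fgid);
    }
    if ($login eq "ftp" and $fsize != 0) {
        foundp();
        printf("%-10s: The .rhosts file of the user \"ftp\" should be empty!\n", $prefix);
    }
    if ($netgroups ne "") {
        foundp();
        printf("%-10s: All users in the following netgroups can login without a password:\n", $prefix);
        printf("%-10s: --> %s\n", $prefix, $netgroups);
    }
    # Sorted so the report order is stable from run to run.
    for my $host (sort keys %holes) {
        foundp();
        printf("%-10s: The following users at \"%s\" can login without a password:\n", $prefix, $host);
        printf("%-10s: --> %s\n", $prefix, $holes{$host});
    }
    if ($foundp) {
        $found++;
        print "-" x 79 . "\n";
    }
    undef $foundp;
}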
# Print the closing summary: the number of insecure files seen ($found)
# followed by a description of each problem class and its suggested fix.
sub display_info {
    my $count = $found;
    print <<"EOF";
Number of insecure .rhosts files: $count
Description of the problems:
----------------------------
Problem 1: * File is either group or world readable/writable
Every user can look at the .rhosts file to find out which users
can login without a password. If the file is writable they could
even change it (e.g. add their own name to it)!
Solution : Change the permissions with "chmod go-rw .rhosts".
Problem 2: * UID (X) and File UID (Y) are not equal
The UID of the user and the UID of the .rhosts file are not the
same. The owner of the .rhosts file could change it (e.g. add
other names to it)!
Solution : Change the owner of the .rhosts file with "chown <user> .rhosts".
You can also rename the file and create a new one.
Problem 3: * GID (X) and File GID (Y) are not equal
The file does not belong to a group the user is in. Other users
could read, change or delete the .rhosts file depending on the
group permissions.
Solution : Change the group of the .rhosts file with "chgrp <group> .rhosts".
You can also rename the file and create a new one.
Problem 4: * The .rhosts file of the user "ftp" should be empty!
For security reasons the .rhosts file of the user "ftp" should
not contain any entries.
Solution : Remove all entries from the .rhosts file.
Problem 5: * All users in the following netgroups can login without a password
Each user in the netgroup can login without a password. The listed
netgroup should be checked for unwanted users.
Solution : Remove unwanted netgroups from the .rhosts file.
Problem 6: * The following users at <hostname> can login without a password
These entries should be checked carefully. Only trusted users
should be allowed to login without a password from host <hostname>.
Solution : Remove unwanted users from the .rhosts file.
EOF
    return;
}
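# Return true if the account in $login is listed as a member of the
# group that owns the .rhosts file ($fgid), false otherwise (including
# when no such group exists in the group database).
#
# The lookup goes straight to the owning group and compares member
# names exactly: the previous substring regex on the member list
# matched "bob" against "bobby" (and broke on regex metacharacters),
# and the collected group-id list was a global that kept growing across
# accounts, so a group an earlier user belonged to was credited to all
# later ones.
sub in_etcgroup {
    my @group = getgrgid($fgid);
    return 0 unless @group;
    # getgr*() returns the member list as one space-separated string.
    for my $member (split(' ', $group[3])) {
        return 1 if $member eq $login;
    }
    return 0;
}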
# Count one more problem for the current account in $foundp.  The very
# first problem of the whole run ($found still 0) also prints the
# report header.
sub foundp {
    $foundp++;
    return unless $found == 0 and $foundp == 1;

    print "\n\nList of users with insecure .rhosts files\n",
          "-" x 41, "\n\n",
          "User: Problem:\n",
          "-" x 79, "\n";
    return;
}