HPE Community
Operating System - HP-UX
1834598 Members
4120 Online
110069 Solutions
New Discussion

Re: .login, .profile and .rhost

 
SOLVED
Go to solution
Joyce Suganthy
Advisor

‎04-13-2003 07:50 PM

‎04-13-2003 07:50 PM

.login, .profile and .rhost

Hi ,

Could you all please help me out here.

The three files above currently have the file permisson as rwxrwxrwx for all the user id as well as root, can i change the file permission to rw------- for all the above files.

Would this disturb the server at any way?
0 Kudos
Reply
8 REPLIES 8
Rodney Hills
Honored Contributor

‎04-13-2003 07:57 PM

‎04-13-2003 07:57 PM

Solution

Re: .login, .profile and .rhost

Absolutelly correct the permissions!! Your system can be easily compromised!!

You may want to check the permissions of other files and directories since they may be used to damage your system.

HTH

-- Rod Hills
There be dragons...
Reply
Michael Tully
Honored Contributor

‎04-13-2003 08:03 PM

‎04-13-2003 08:03 PM

Re: .login, .profile and .rhost

Having the permission set this way is asking for trouble. I don't want to panic anyone, but anyone can get full use of your system.
Definitely change them, but to:

-rw-r----- which relates to 640

Also have a look at the systems umask setting it may need changing.
# umask

To fix this add two line to your /etc/profile file:

# umask setting
umask 022

You will most likely find quite a number of files that have inappropriate permissions. Here is hwo to find them, particularly for the operating system filesystems.
# find / /opt /usr -xdev -type f -perm 666
# find / /opt /usr -xdev -type f -perm 777
# find / /opt /usr -xdev -type d -perm 777

I would also change the root password as well, just to be on the safe side.

Regards
Michael

Anyone for a Mutiny ?
Reply
Steven E. Protter
Exalted Contributor

‎04-13-2003 08:07 PM

‎04-13-2003 08:07 PM

Re: .login, .profile and .rhost

You have either been hacked or someone made a mistake.

I would change the permissions on the above files to r for the owner of the files. I would not let users change the contents of these files.

The can be owned by root and still sourced by users.

.login is the startup source for the c shell, csh

.profile is the startup for posix and korn shell.

.rhost is most distrubing of all in this case. This lets users or bad people change who can remotely log onto your system from other systems.

Even with proper permissions remote login is a security hazard. I'd shut it down in /etc/inetd.conf and use the following secure substitute.

Root priviledges on all your servers were endangered.

It's call secure shell, its free. Here is a link and I'm attaching Chris Vail's cookbook for secure passing of public keys and such to enable secure remote functions.

Secure Shell: a replacement for rcp ftp and telnet that encrypts passwords

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Bill Douglass
Esteemed Contributor

‎04-13-2003 08:45 PM

‎04-13-2003 08:45 PM

Re: .login, .profile and .rhost

check the permissions on the files in /etc/skel as well.
0 Kudos
Reply
Ramkumar Devanathan
Honored Contributor

‎04-13-2003 09:58 PM

‎04-13-2003 09:58 PM

Re: .login, .profile and .rhost

Suganthy,

Looking at this question and the other question on umask, some compromise has gone on with the unix machines and access permissions... What happened?

Just out of curiosity.

- ramd
HPE Software Rocks!
0 Kudos
Reply
Tim Sanko
Trusted Contributor

‎04-15-2003 04:50 AM

‎04-15-2003 04:50 AM

Re: .login, .profile and .rhost

Before you start resecuring the world, please check with your application vendors.

On rare occasion, an application will have to have access to .rhosts in particular. I learned by changing its permissions. OUCH!

Tim
0 Kudos
Reply
Zafar A. Mohammed_1
Trusted Contributor

‎04-15-2003 04:55 AM

‎04-15-2003 04:55 AM

Re: .login, .profile and .rhost

Its seems somebody change or maybe application require it. Its good to look first at .rhost entry also.

Thanks
Zafar
0 Kudos
Reply
Joyce Suganthy
Advisor

‎04-16-2003 04:57 PM

‎04-16-2003 04:57 PM

Re: .login, .profile and .rhost

Hi,

Actually I am new to this company, the server been there for long, I am asked to look into this matter by the audit department, so that was why I enquired.

Thanks
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.