{"description": "The <tt>shosts.equiv</tt> file lists remote hosts and users that are trusted by the local\nsystem. To remove these files, run the following command to delete them from any location:\n<pre>$ sudo rm /[path]/[to]/[file]/shosts.equiv</pre>", "rationale": "The shosts.equiv files are used to configure host-based authentication for the system via SSH.\nHost-based authentication is not sufficient for preventing unauthorized access to the system,\nas it does not require interactive identification and authentication of a connection request,\nor for the use of two-factor authentication.", "severity": "high", "references": {"srg": ["SRG-OS-000480-GPOS-00227"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "shosts.equiv files exist", "ocil": "Verify that there are no <tt>shosts.equiv</tt> files on the system, run the following command:\n<pre>$ find / -name shosts.equiv</pre>", "oval_external_content": null, "fixtext": "Remove any found \"shosts.equiv\" files from the system.\n\n$ sudo rm  /[path]/[to]/[file]/shosts.equiv", "checktext": "", "vuldiscussion": "", "srg_requirement": "There must be no shosts.equiv files on Ubuntu 22.04", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "There must be no shosts.equiv files on Ubuntu 22.04.", "vuldiscussion": "The shosts.equiv files are used to configure host-based authentication for the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.", "checktext": "Verify there are no \"shosts.equiv\" files on Ubuntu 22.04 with the following command:\n\n$ sudo find / -name shosts.equiv\n\nIf a \"shosts.equiv\" file is found, this is a finding.", "fixtext": "Remove any found \"shosts.equiv\" files from the system.\n\n$ sudo rm /[path]/[to]/[file]/shosts.equiv"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Remove Host-Based Authentication Files", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml", "template": null}