Ruser contents.gifindex.gif

Ruser

This check searches for users on the remote host. It provides information on how busy the machine is and on login accounts an intruder can use in an attack. Obtained account information is used by the scanner in a brute-force default attack.

Risk: Low

Fix: When the system is vulnerable to such an intrusion, you can disable the server. Place a # at the beginning of the appropriate line in the file /etc/inetd.conf, and then send the SIGHUP signal to the inetd process. For example, a disabled rusers entry might appear as:

#rusersd/2 dgram rpc/udp wait root /usr/etc/rusersd rusersd