The /etc/hosts file was writable by non-root users, allowing attackers to register malicious DNS mappings and redirect legitimate domains (pharming attacks). This check verified that /etc/hosts was owned by root and had appropriate permissions.
reference:
- https://isms.kisa.or.kr/main/csap/notice/
metadata:
verified:true
tags:local,linux,hosts,file,audit,kisa
self-contained:true
code:
- engine:
- sh
- bash
source:|
stat -c "%U %G %a" /etc/hosts 2>/dev/null || echo "not-found"
