A file in a home directory containing usernames and
hosts from which authorized users can connect without
typing a password.
Plus signs indicate that anyone can connect, or, if in
the second field, that any host can connect.
"+ +" means that anyone can log in using rlogin, rsh,
rcp, or rexec without typing a password. Many
cracking programs attempt to overwrite the root
account's .rhosts file with "+ +". To some
extent, this can be overcome by making .rhosts
a directory owned by root. In that case the cracker
can try overwriting /etc/hosts.equiv or /etc/passwd
or any number of other files.
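
An audit for the "+" entries described above, as an added example that is not part of the original entry: it reports every line in the given .rhosts and hosts.equiv files whose first or second field is a bare "+", and notes where .rhosts is the directory placeholder. The function names are hypothetical and the paths in the usage comment are assumptions about the local layout.

```shell
#!/bin/sh
# Added example: find "+" wildcard entries in rhosts-style trust files.

# Print each wildcard line of file $1 as "path:lineno:line".
# Returns 0 if at least one wildcard entry was found, 1 otherwise.
rhosts_wildcards() {
    [ -f "$1" ] || return 1              # missing, or not a regular file
    awk -v f="$1" '
        /^[[:space:]]*#/ { next }        # skip comment lines
        {
            # a bare "+" in either of the first two fields is a wildcard
            for (i = 1; i <= NF && i <= 2; i++)
                if ($i == "+") { print f ":" NR ":" $0; found = 1; break }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Audit every path given as an argument.
# Returns 0 if no wildcard entry was found anywhere, 1 otherwise.
audit_rhosts() {
    rc=0
    for f in "$@"; do
        if [ -d "$f" ]; then
            # the mitigation from the entry: .rhosts made a directory
            echo "$f: is a directory (placeholder, nothing to parse)"
        elif rhosts_wildcards "$f"; then
            rc=1
        fi
    done
    return "$rc"
}

# Usage (paths are assumptions, adjust to the system being audited):
#   audit_rhosts /root/.rhosts /home/*/.rhosts /etc/hosts.equiv
```

A non-zero return from audit_rhosts means at least one file grants passwordless access through a wildcard and should be reviewed.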