MacOS – Why is there a hosts.equiv file in the /etc folder

hostsmacosNetwork

I'm running OS 10.11.1 on my Macbook Pro.

I should also preface my question with the admission that my knowledge of the Mac OS is practically zero.

I was looking at (not editing) the hosts file in my /etc folder on my standard account that I use for everyday internet browsing. While going to the /etc folder, I noticed the existence of a hosts.equiv file.

For every previous incarnation of my Macbook that's run Mavericks/Yosemite/etc, I've never noticed a hosts.equiv file before in the /etc folder.

Running man hosts.equiv in Terminal lets me know that it's a list of trusted hosts/users for remote authentication…which I have absolutely no use for or knowledge of how to even implement.

My question is: the mere existence of the hosts.equiv file isn't evidence that my machine is compromised, right? When I open the file with Text Edit, there's nothing listed in it.

Best Answer

If you are concerned that a file isn't installed by Apple then check the package receipts-

pkgutil --file-info /private/etc/hosts.equiv
volume: /
path: /private/etc/hosts.equiv

pkgid: com.apple.pkg.BSD
pkg-version: 10.6.0.1.1.1249367152
install-time: 1324303327
uid: 0
gid: 0

mode: 644

You can then check the BOM file-

lsbom /private/var/db/receipts/com.apple.pkg.BSD.bom | grep hosts.equiv
./private/etc/hosts.equiv   100644  0/0 0   4294967295

Note the last 0 is the file size and the last field is the check sum of the installed file. Now check the check sum of the file-

cksum /private/etc/hosts.equiv
4294967295 0 /private/etc/hosts.equiv

Note the check sum is the same as what is recorded in the BOM file and cksum reports the file size as zero bytes.

Related Question