I'm running OS 10.11.1 on my Macbook Pro.
I should also preface my question with the admission that my knowledge of the Mac OS is practically zero.
I was looking at (not editing) the hosts file in my /etc folder on my standard account that I use for everyday internet browsing. While going to the /etc folder, I noticed the existence of a hosts.equiv file.
For every previous incarnation of my Macbook that's run Mavericks/Yosemite/etc, I've never noticed a hosts.equiv file before in the /etc folder.
Running man hosts.equiv
in Terminal lets me know that it's a list of trusted hosts/users for remote authentication…which I have absolutely no use for or knowledge of how to even implement.
My question is: the mere existence of the hosts.equiv file isn't evidence that my machine is compromised, right? When I open the file with Text Edit, there's nothing listed in it.
Best Answer
If you are concerned that a file isn't installed by Apple then check the package receipts-
mode: 644
You can then check the BOM file-
Note the last 0 is the file size and the last field is the check sum of the installed file. Now check the check sum of the file-
Note the check sum is the same as what is recorded in the BOM file and
cksum
reports the file size as zero bytes.