3.3.32 /etc/inetd.conf - login

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This entry starts the rlogin daemon when required. This service authenticates remote user logins.

This login service is used to authenticate a remote user connection when logging in via the rlogin command. The username and password are passed over the network in clear text and therefore insecurely. Unless required the rlogin daemon will be disabled. This function, if required, should be facilitated through SSH.

Solution

In /etc/inetd.conf, comment out the login entry-

chsubserver -r inetd -C /etc/inetd.conf -d -v 'login' -p 'tcp'

See Also

https://workbench.cisecurity.org/files/528