3.3.4.7 exec

Information

The recommendation is that rexecd is disabled. This service can be performed securely using OpenSSH.

This entry starts the rexecd daemon when required. This daemon executes a command from a remote system once the connection has been authenticated.

Rationale:

The exec service is used to execute a command sent from a remote server. The username and passwords are passed over the network in clear text and therefore insecurely. Unless required the rexecd daemon will be disabled. This function, if required, should be facilitated through SSH.

Solution

In /etc/inetd.conf, comment out the exec entry:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'exec' -p 'tcp6'
refresh -s inetd

Default Value:

Disabled

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 8d27e5a6e2c7289f25c1e27ac2f81b8536f34e3c696328aed12cd0b11b467f0b