2.1.6 Ensure rsh server is not enabled - rsh

Information

The Berkeley rsh-server ( rsh , rlogin , rexec ) package contains legacy services that
exchange credentials in clear-text.

Rationale:

These legacy services contain numerous security exposures and have been replaced with
the more secure SSH package.

Solution

Comment out or remove any lines starting with shell , login , or exec from
/etc/inetd.conf and /etc/inetd.d/* .
Set disable = yes on all rsh , rlogin , and rexec services in /etc/xinetd.conf and
/etc/xinetd.d/* .

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|IA-2(1), 800-53|SI-4, CSCv6|3.4, CSCv6|9.1, CSCv7|4.5, CSCv7|9.2

Plugin: Unix

Control ID: 650174a278e8673cb18ca628b468f35105b9d26a3f5f0d6a4e50f3aff05d59c9