5.1.2 Ensure rsh server is not enabled - 'shell'

Information

The Berkeley rsh-server (rsh, rlogin, rcp) package contains legacy services that exchange
credentials in clear-text.


*Rationale*

These legacy service contain numerous security exposures and have been replaced with
the more secure SSH package.

Solution

Remove or comment out any shell, login, or exec lines in /etc/inetd.conf-#shell stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rshd
#login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
#exec stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rexecd

See Also

https://workbench.cisecurity.org/files/91

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|9.1

Plugin: Unix

Control ID: 34bf043cd91f6ad90a1fa11a80e0803749e7cca1ed5905366d340c4867b62abb