3.1.5.24 shell

Information

This entry starts the rshd daemon when required. This daemon executes a command from a remote system.

Rationale:

This shell service is used to execute a command from a remote server. The username and passwords are passed over the network in clear text and therefore insecurely. Unless required the rshd daemon will be disabled. This function, if required, should be facilitated through SSH.

Solution

Use chsubserver to disable this service in /etc/inetd.conf:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'shell' -p 'tcp6'
refresh -s inetd

Default Value:

Enabled

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 75f54c0028fa426200653a49ba7942d6b880baee898ebdb47dddd540383068fe