2.1.6 Ensure rsh server is not enabled - rexec

Information

The Berkeley rsh-server ( rsh , rlogin , rexec ) package contains legacy services that
exchange credentials in clear-text.

Rationale:

These legacy services contain numerous security exposures and have been replaced with
the more secure SSH package.

Solution

Comment out or remove any lines starting with shell , login , or exec from
/etc/inetd.conf and /etc/inetd.d/* .
Set disable = yes on all rsh , rlogin , and rexec services in /etc/xinetd.conf and
/etc/xinetd.d/* .

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|CM-7b., 800-53|IA-2(1), CSCv6|3.4, CSCv6|9.1, CSCv7|4.5, CSCv7|9.2

Plugin: Unix

Control ID: 61197a05ff2831d90dbf9ee9f9fbb0ae572153ddd6462ec1691105c83e2c691e