2.1.6 Ensure rsh server is not enabled - 'rexec'

Information

The Berkeley rsh-server (rsh, rlogin, rexec) package contains legacy services that exchange credentials in clear-text. These legacy services contain numerous security exposures and have been replaced with the more secure SSH package.

Solution

Comment out or remove any lines starting with shell, login, or exec from /etc/inetd.conf and /etc/inetd.d/*. Set disable = yes on all rsh, rlogin, and rexec services in /etc/xinetd.conf and /etc/xinetd.d/*.

See Also

https://workbench.cisecurity.org/files/1866

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|3.4

Plugin: Unix

Control ID: 11aac04c725a63b608405e2b3ecf081963ea302525c2bc78be877b59a5e44ddb