====== 2.1.6 Ensure rsh server is not enabled (Scored) ======

===== Profile Applicability =====

  * Level 1 - Server
  * Level 1 - Workstation

===== Description =====

The Berkeley ''rsh-server'' (''rsh'', ''rlogin'', ''rexec'') package contains legacy services that exchange credentials in clear-text.

===== Rationale =====

These legacy services contain numerous security exposures and have been replaced with the more secure SSH package.

===== Audit =====

Verify the ''rsh'' services are not enabled. Run the following commands and verify results are as indicated:

  grep -R "^shell" /etc/inetd.*
  grep -R "^login" /etc/inetd.*
  grep -R "^exec" /etc/inetd.*

No results should be returned.

Check ''/etc/xinetd.conf'' and ''/etc/xinetd.d/*'' and verify all ''rsh'', ''rlogin'' and ''rexec'' services have ''disable = yes'' set.

===== Remediation =====

Comment out or remove any lines starting with ''shell'', ''login'' or ''exec'' from ''/etc/inetd.conf'' and ''/etc/inetd.d/*''.\\
Set ''disable = yes'' on all ''rsh'', ''rlogin'' and ''rexec'' services in ''/etc/xinetd.conf'' and ''/etc/xinetd.d/*''.
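
The audit above as a script, added here as an example and not part of the benchmark text: it flags active ''shell'', ''login'' and ''exec'' lines in inetd files, and xinetd stanzas for those services that lack ''disable = yes''. The function names, the optional root-prefix argument and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not CIS text). Audits rsh/rlogin/rexec under an optional
# root prefix; the prefix argument is an assumption made for offline testing.

# inetd: any active line starting with shell, login or exec is a finding.
check_inetd() {
    for f in "$1"/etc/inetd.*; do
        [ -e "$f" ] || continue
        grep -R -H -E '^(shell|login|exec)' "$f" 2>/dev/null || true
    done
}

# xinetd: each shell/login/exec stanza must contain "disable = yes".
check_xinetd() {
    for f in "$1"/etc/xinetd.conf "$1"/etc/xinetd.d/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                       # skip comments
            /^[ \t]*service[ \t]+(shell|login|exec)([ \t]|[{]|$)/ {
                svc = $2; sub(/[{].*/, "", svc); off = 0; next
            }
            svc != "" && /^[ \t]*disable[ \t]*=[ \t]*yes[ \t]*$/ { off = 1 }
            svc != "" && /[}]/ {
                if (!off) print file ": service " svc " lacks disable = yes"
                svc = ""
            }
        ' "$f"
    done
}

# Returns 0 when compliant, 1 (and prints findings) otherwise.
audit_rsh() {
    findings=$(check_inetd "${1:-}"; check_xinetd "${1:-}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: rsh enabled in xinetd, rlogin enabled in inetd.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/xinetd.d" || return 1
    printf 'service shell\n{\n\tdisable = no\n\tserver = /usr/sbin/in.rshd\n}\n' \
        > "$d/etc/xinetd.d/rsh"
    printf 'service exec\n{\n\tdisable = yes\n}\n' > "$d/etc/xinetd.d/rexec"
    printf '#shell stream tcp nowait root /usr/sbin/in.rshd in.rshd\nlogin stream tcp nowait root /usr/sbin/in.rlogind in.rlogind\n' \
        > "$d/etc/inetd.conf"
    echo "$d"
}
```

Calling ''audit_rsh'' with no argument audits the live system; ''audit_rsh "$(make_sample)"'' runs it against the constructed tree and reports two findings.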