centos7:2:2:17

2.2.17 Ensure rsh server is not enabled (Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation

Description

The Berkeley rsh-server (rsh, rlogin, rexec) package contains legacy services that exchange credentials in clear-text.

Rationale

These legacy services contain numerous security exposures and have been replaced with the more secure SSH package.

Audit

Run the following command and verify result is not “enabled”: 

# systemctl is-enabled rsh.socket
disabled

Run the following command and verify result is not “enabled”: 

# systemctl is-enabled rlogin.socket
disabled

Run the following command and verify result is not “enabled”: 

# systemctl is-enabled rexec.socket
disabled

Remediation

Run the following commands to disable rsh, rlogin, and rexec: 

# systemctl disable rsh.socket 
# systemctl disable rlogin.socket 
# systemctl disable rexec.socket
  • centos7/2/2/17.txt
  • Last modified: 2017/05/04 16:55
  • by Piotr Kłoczewski