2.2.17 Ensure rsh server is not enabled (Scored)
Profile Applicability
Level 1 - Server Level 1 - Workstation
Description
The Berkeley rsh-server
(rsh
, rlogin
, rexec
) package contains legacy services that exchange credentials in clear-text.
Rationale
These legacy services contain numerous security exposures and have been replaced with the more secure SSH package.
Audit
Run the following command and verify result is not “enabled”:
# systemctl is-enabled rsh.socket disabled
Run the following command and verify result is not “enabled”:
# systemctl is-enabled rlogin.socket disabled
Run the following command and verify result is not “enabled”:
# systemctl is-enabled rexec.socket disabled
Remediation
Run the following commands to disable rsh
, rlogin
, and rexec
:
# systemctl disable rsh.socket # systemctl disable rlogin.socket # systemctl disable rexec.socket