✎ 2.2.17 Ensure rsh server is not enabled (Scored) [SecScan]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.

======2.2.17 Ensure rsh server is not enabled (Scored)======
=====Profile Applicability=====  
<code>
Level 1 - Server
Level 1 - Workstation 
</code>

=====Description=====
The Berkeley ''rsh-server'' (''rsh'', ''rlogin'', ''rexec'') package contains legacy services that exchange credentials in clear-text.

=====Rationale=====
These legacy services contain numerous security exposures and have been replaced with the more secure SSH package.

=====Audit===== 
Run the following command and verify result is not "enabled":
<Code:bash>
# systemctl is-enabled rsh.socket
disabled
</Code>
Run the following command and verify result is not "enabled":
<Code:bash>
# systemctl is-enabled rlogin.socket
disabled
</Code>
Run the following command and verify result is not "enabled":
<Code:bash>
# systemctl is-enabled rexec.socket
disabled
</Code>

=====Remediation===== 
Run the following commands to disable ''rsh'', ''rlogin'', and ''rexec'':
<Code:bash>
# systemctl disable rsh.socket 
# systemctl disable rlogin.socket 
# systemctl disable rexec.socket
</Code>