Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ======2.2.17 Ensure rsh server is not enabled (Scored)====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== The Berkeley ''rsh-server'' (''rsh'', ''rlogin'', ''rexec'') package contains legacy services that exchange credentials in clear-text. =====Rationale===== These legacy services contain numerous security exposures and have been replaced with the more secure SSH package. =====Audit===== Run the following command and verify result is not "enabled": <Code:bash> # systemctl is-enabled rsh.socket disabled </Code> Run the following command and verify result is not "enabled": <Code:bash> # systemctl is-enabled rlogin.socket disabled </Code> Run the following command and verify result is not "enabled": <Code:bash> # systemctl is-enabled rexec.socket disabled </Code> =====Remediation===== Run the following commands to disable ''rsh'', ''rlogin'', and ''rexec'': <Code:bash> # systemctl disable rsh.socket # systemctl disable rlogin.socket # systemctl disable rexec.socket </Code> centos7/2/2/17.txt Last modified: 2017/05/04 16:55by Piotr Kłoczewski