2.1.6 Ensure rsh server is not enabled (Scored)

Level 1 - Server 
Level 1 - Workstation

The Berkeley rsh-server (rsh, rlogin, rexec) package contains legacy services that exchange credentials in clear-text.

These legacy services contain numerous security exposures and have been replaced with the more secure SSH package.

Verify the rsh services are not enabled. Run the following commands and verify results are as indicated:

grep -R "^shell" /etc/inetd.*
grep -R "^login" /etc/inetd.*
grep -R "^exec" /etc/inetd.*

No results should be returned

check /etc/xinetd.conf and /etc/xinetd.d/* and verify all rsh, rlogin and rexec services have disable = yes set.

Comment out or remove any lines starting with shell, login or exec from /etc/inetd.conf and /etc/inetd.d/*.
Set disable = yes on all rsh, rlogin and rexec services in /etc/xinetd.conf and /etc/xinetd.d/*.

  • ubuntu1604/2/1/6.txt
  • Last modified: 2017/05/02 10:18
  • by Piotr K┼éoczewski