An error occurred:

Check: GEN003835

HP-UX 11.31 STIG: GEN003835 (in versions v1 r19 through v1 r13)

Title

The rlogind service must not be installed. (Cat II impact)

Discussion

The rlogind process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.

Check Content

Determine if the rlogind service is installed. # cat /etc/inetd.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | grep -c rlogind If rlogind is found to be installed, this is a finding.

Fix Text

Edit /etc/inetd.conf and comment out the rlogind service: # vi /etc/inetd.conf Restart the inetd service via the following command: # inetd -c Disable the rlogind binary: chmod 000 /usr/lbin/rlogind Additionally, the binary name may also be changed: mv /usr/lbin/rlogind /usr/lbin/<new_binary_name>

Additional Identifiers

Rule ID: SV-35131r1_rule

Vulnerability ID: V-22433

Group Title: GEN003835

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000305

The organization develops a list of software programs not authorized to execute on the information system.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check