Check: GEN003820
HP-UX 11.31 STIG:
GEN003820
(in versions v1 r19 through v1 r13)
Title
The remsh daemon must not be running. (Cat I impact)
Discussion
The remshd process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.
Check Content
# cat /etc/inetd.conf | grep -v "^#" | grep -c remshd If the above command return value is greater than 0, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out the remshd service. Refresh the inetd service. # inetd -c
Additional Identifiers
Rule ID: SV-35130r1_rule
Vulnerability ID: V-4687
Group Title: GEN003820
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000068 |
The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-17 (2) |
Protection Of Confidentiality / Integrity Using Encryption |