Check: GEN003840
HP-UX 11.31 STIG:
GEN003840
(in versions v1 r19 through v1 r13)
Title
The rexec daemon must not be running. (Cat I impact)
Discussion
The rexecd process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.
Check Content
# cat /etc/inetd.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' |grep -v "^#" | \ cut -f 6,7 -d " " | grep -c -i rexecd If any results are returned, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out the line for the rexec daemon service. Restart the inetd service via the following command: # inetd -c
Additional Identifiers
Rule ID: SV-35132r2_rule
Vulnerability ID: V-4688
Group Title: GEN003840
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-001435 |
The organization defines networking protocols within the information system deemed to be nonsecure. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |