Check: GEN003845
HP-UX 11.31 STIG:
GEN003845
(in versions v1 r19 through v1 r13)
Title
The rexecd service must not be installed. (Cat II impact)
Discussion
The rexecd process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.
Check Content
Determine if the rexecd service is installed. # cat /etc/inetd.conf | sed -e 's/^[ \t]*//' | tr '\011' ' ' | tr -s ' ' |grep -v "^#" | cut -f 6,7 -d " " | grep -c -i rexecd If rexecd is found to be installed, this is a finding.
Fix Text
Edit /etc/inetd.conf and comment out the rexecd service: # vi /etc/inetd.conf Restart the inetd service via the following command: # inetd -c Disable the binary: chmod 000 /usr/lbin/rexecd Additionally, the binary name may also be changed: mv /usr/lbin/rexecd /usr/lbin/<new_binary_name>
Additional Identifiers
Rule ID: SV-35133r1_rule
Vulnerability ID: V-22434
Group Title: GEN003845
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000305 |
The organization develops a list of software programs not authorized to execute on the information system. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |