An error occurred:

Check: GEN003845

HP-UX 11.31 STIG: GEN003845 (in versions v1 r19 through v1 r13)

Title

The rexecd service must not be installed. (Cat II impact)

Discussion

The rexecd process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.

Check Content

Determine if the rexecd service is installed. # cat /etc/inetd.conf | sed -e 's/^[ \t]*//' | tr '\011' ' ' | tr -s ' ' |grep -v "^#" | cut -f 6,7 -d " " | grep -c -i rexecd If rexecd is found to be installed, this is a finding.

Fix Text

Edit /etc/inetd.conf and comment out the rexecd service: # vi /etc/inetd.conf Restart the inetd service via the following command: # inetd -c Disable the binary: chmod 000 /usr/lbin/rexecd Additionally, the binary name may also be changed: mv /usr/lbin/rexecd /usr/lbin/<new_binary_name>

Additional Identifiers

Rule ID: SV-35133r1_rule

Vulnerability ID: V-22434

Group Title: GEN003845

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000305

The organization develops a list of software programs not authorized to execute on the information system.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check