Check: GEN003820
Title
The rsh daemon must not be running. (Cat I impact)
Discussion
The rshd process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.
Check Content
# chkconfig If the service is enabled, this is a finding.
Fix Text
Disable the remote shell service and restart inetd.
Additional Identifiers
Rule ID:
Vulnerability ID: V-4687
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000068 |
Implement cryptographic mechanisms to protect the confidentiality of remote access sessions. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-17(2) |
Protection of Confidentiality and Integrity Using Encryption |