Navigate

Check: GEN003820 M6

MACOSX 10.6: GEN003820 M6 (in version v1 r3)

Title

The rsh daemon must not be running. (Cat I impact)

Discussion

The rshd process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.

Check Content

Open a terminal session and use the following command to view the rshd status. defaults read /var/db/launchd.db/com.apple.launchd/overrides com.apple.rshd If the command does not return a value of 1, this is a finding.

Fix Text

Open a terminal session and use the following command to disable rshd. launchctl unload -w /System/Library/LaunchDaemons/shell.plist NOTE: This command is being run to adjust the overrides file; unloading errors are normal, repeat the check to verify.

Additional Identifiers

Rule ID: SV-38052r1_rule

Vulnerability ID: V-4687

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000068	The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-17 (2)	Protection Of Confidentiality / Integrity Using Encryption