Check: GEN003830
SUSE Linux Enterprise Server v11 for System z STIG:
GEN003830
(in versions v1 r12 through v1 r9)
Title
The rlogind service must not be running. (Cat II impact)
Discussion
The rlogind process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.
Check Content
Check the rlogind configuration. # cat /etc/xinetd.d/rlogin If the file exists and does not contain "disable = yes" this is a finding.
Fix Text
Remove or disable the rlogin configuration and restart xinetd. # rm /etc/xinetd.d/rlogin ; service xinetd restart
Additional Identifiers
Rule ID: SV-45805r1_rule
Vulnerability ID: V-22432
Group Title: GEN003830
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000068 |
The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AC-17 (2) |
Protection Of Confidentiality / Integrity Using Encryption |