Skip to content

Disable rlogin Service

An XCCDF Rule

Description

The rlogin service, which is available with the rsh-server package and runs as a service through xinetd or separately as a systemd socket, should be disabled. If using xinetd, set disable to yes in /etc/xinetd.d/rlogin. The rlogin socket can be disabled with the following command:

$ sudo systemctl mask --now rlogin.socket

Rationale

The rlogin service uses unencrypted network communications, which means that data from the login session, including passwords and all other information transmitted during the session, can be stolen by eavesdroppers on the network.

ID
xccdf_org.ssgproject.content_rule_service_rlogin_disabled
Severity
High
References
Updated



Remediation - OS Build Blueprint


[customizations.services]
disabled = ["rlogin"]

Remediation - Ansible

- name: Block Disable service rlogin
  block:

  - name: Disable service rlogin
    block:


Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'rlogin.service'
"$SYSTEMCTL_EXEC" disable 'rlogin.service'

Remediation - Kubernetes Patch

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0

Remediation - Puppet

include disable_rlogin

class disable_rlogin {
  service {'rlogin':
    enable => false,
    ensure => 'stopped',