The kshell daemon must be disabled on AIX.

An XCCDF Rule

Details
Profiles

Description

The kshell service offers a higher degree of security than traditional rsh services. However, it still does not use encrypted communications. The recommendation is to use SSH wherever possible instead of kshell. If the kshell service is used, you should use the latest Kerberos version available and must make sure that all the latest patches are installed.

ID: SV-215384r958478_rule
Version: AIX7-00-003079
Severity: Medium
References: CCI-000381
Updated: 24 days ago

Remediation Templates

In "/etc/inetd.conf", comment out the "kshell" entry by running command:  
# chsubserver -r inetd -C /etc/inetd.conf -d -v 'kshell' -p 'tcp'

Restart inetd:
# refresh -s inetd

The kshell daemon must be disabled on AIX.

Description

Remediation Templates

A Manual Procedure