Skip to content

Disable rsh Service

An XCCDF Rule

Description

The rsh service, which is available with the rsh-server package and runs as a service through xinetd or separately as a systemd socket, should be disabled. If using xinetd, set disable to yes in /etc/xinetd.d/rsh. The rsh socket can be disabled with the following command:

$ sudo systemctl mask --now rsh.socket

Rationale

The rsh service uses unencrypted network communications, which means that data from the login session, including passwords and all other information transmitted during the session, can be stolen by eavesdroppers on the network.

ID
xccdf_org.ssgproject.content_rule_service_rsh_disabled
Severity
High
References
Updated



Remediation - Kubernetes Patch

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0

Remediation - OS Build Blueprint


[customizations.services]
disabled = ["rsh"]

Remediation - Ansible

- name: Block Disable service rsh
  block:

  - name: Disable service rsh
    block:


Remediation - Puppet

include disable_rsh

class disable_rsh {
  service {'rsh':
    enable => false,
    ensure => 'stopped',

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'rsh.service'
"$SYSTEMCTL_EXEC" disable 'rsh.service'