Disable rlogin Service
An XCCDF Rule
Description
The rlogin
service, which is available with
the rsh-server
package and runs as a service through xinetd or separately
as a systemd socket, should be disabled.
If using xinetd, set disable
to yes
in /etc/xinetd.d/rlogin
.
The rlogin
socket can be disabled with the following command:
$ sudo systemctl mask --now rlogin.socket
Rationale
The rlogin service uses unencrypted network communications, which means that data from the login session, including passwords and all other information transmitted during the session, can be stolen by eavesdroppers on the network.
- ID
- xccdf_org.ssgproject.content_rule_service_rlogin_disabled
- Severity
- High
- References
- Updated
Remediation - Puppet
include disable_rlogin
class disable_rlogin {
service {'rlogin':
enable => false,
ensure => 'stopped',
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'rlogin.service'
"$SYSTEMCTL_EXEC" disable 'rlogin.service'
Remediation - Kubernetes Patch
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
config:
ignition:
version: 3.1.0
Remediation - OS Build Blueprint
[customizations.services]
disabled = ["rlogin"]
Remediation - Ansible
- name: Block Disable service rlogin
block:
- name: Disable service rlogin
block: