Details
The Berkeley rsh-server (rsh, rlogin, rcp) package contains legacy services that exchange credentials in clear-text. These legacy service contain numerous security exposures and have been replaced with the more secure SSH package.
Solution
Remove or comment out any shell, login, or exec lines in /etc/inetd.conf- #shell stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rshd#login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind#exec stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rexecd
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.