{"description": "The <code>rsh-server</code> package can be removed with the following command:\n<pre>\n$ apt-get remove rsh-server</pre>", "rationale": "The <tt>rsh-server</tt> service provides unencrypted remote access service which does not\nprovide for the confidentiality and integrity of user passwords or the remote session and has very weak\nauthentication. If a privileged user were to login using this service, the privileged user password\ncould be compromised. The <tt>rsh-server</tt> package provides several obsolete and insecure\nnetwork services. Removing it decreases the risk of those services' accidental (or intentional)\nactivation.", "severity": "high", "references": {"cis-csc": ["11", "12", "14", "15", "3", "8", "9"], "cobit5": ["APO13.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.04", "DSS05.02", "DSS05.03", "DSS05.05", "DSS06.06"], "hipaa": ["164.308(a)(4)(i)", "164.308(b)(1)", "164.308(b)(3)", "164.310(b)", "164.312(e)(1)", "164.312(e)(2)(ii)"], "isa-62443-2009": ["4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.11.2.6", "A.12.1.2", "A.12.5.1", "A.12.6.2", "A.13.1.1", "A.13.2.1", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.6.2.1", "A.6.2.2", "A.9.1.2"], "nist": ["CM-7(a)", "CM-7(b)", "CM-6(a)", "IA-5(1)(c)"], "nist-csf": ["PR.AC-3", "PR.IP-1", "PR.PT-3", "PR.PT-4"], "srg": ["SRG-OS-000095-GPOS-00049"], "anssi": ["R62"], "pcidss4": ["2.2.4", "2.2"], "stigid": ["UBTU-22-215030"], "stigref": ["SV-260482r958478_rule"]}, "control_references": {"anssi": ["R62"], "pcidss4": ["2.2.4", "2.2"], "stigid": ["UBTU-22-215030"]}, "components": [], "identifiers": {}, "ocil_clause": "the package is installed", "ocil": "\nRun the following command to determine if the <code>rsh-server</code> package is installed:\n<pre>$ dpkg -l  rsh-server</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must not have the rsh-server package installed.", "fixtext": "Remove the rsh-server package with the following command:\n\n$ sudo dnf remove rsh-server", "checktext": "Verify that the rsh-server package is not installed with the following command:\n\n$ sudo dnf list --installed rsh-server\n\nError: No matching Packages to list\n\nIf the \"rsh-server\" package is installed, this is a finding.", "vuldiscussion": "The \"rsh-server\" service provides unencrypted remote access service, which does not provide for the confidentiality and integrity of user passwords or the remote session and has very weak authentication. If a privileged user were to login using this service, the privileged user password could be compromised. The \"rsh-server\" package provides several obsolete and insecure network services. Removing it decreases the risk of accidental (or intentional) activation of those services."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Uninstall rsh-server Package", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml", "template": {"name": "package_removed", "vars": {"pkgname": "rsh-server"}, "backends": {}}}