{"description": "The <tt>rlogin</tt> service, which is available with\nthe <tt>rsh-server</tt> package and runs as a service through xinetd or separately\nas a systemd socket, should be disabled.\nIf using xinetd, set <tt>disable</tt> to <tt>yes</tt> in <tt>/etc/xinetd.d/rlogin</tt>.\n\nThe <code>rlogin</code> socket can be disabled with the following command:\n<pre>$ sudo systemctl mask --now rlogin.socket</pre>", "rationale": "The rlogin service uses unencrypted network communications, which\nmeans that data from the login session, including passwords and\nall other information transmitted during the session, can be\nstolen by eavesdroppers on the network.", "severity": "high", "references": {"cis-csc": ["1", "11", "12", "14", "15", "16", "3", "5", "8", "9"], "cobit5": ["APO13.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.04", "DSS05.02", "DSS05.03", "DSS05.04", "DSS05.05", "DSS05.07", "DSS05.10", "DSS06.03", "DSS06.06", "DSS06.10"], "cui": ["3.1.13", "3.4.7"], "hipaa": ["164.308(a)(4)(i)", "164.308(b)(1)", "164.308(b)(3)", "164.310(b)", "164.312(e)(1)", "164.312(e)(2)(ii)"], "isa-62443-2009": ["4.3.3.2.2", "4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.11.2.6", "A.12.1.2", "A.12.5.1", "A.12.6.2", "A.13.1.1", "A.13.2.1", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.18.1.4", "A.6.2.1", "A.6.2.2", "A.7.1.1", "A.9.1.2", "A.9.2.1", "A.9.2.2", "A.9.2.3", "A.9.2.4", "A.9.2.6", "A.9.3.1", "A.9.4.2", "A.9.4.3"], "nist": ["CM-7(a)", "CM-7(b)", "CM-6(a)", "IA-5(1)(c)"], "nist-csf": ["PR.AC-1", "PR.AC-3", "PR.AC-6", "PR.AC-7", "PR.IP-1", "PR.PT-3", "PR.PT-4"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "service and/or socket are running", "ocil": "\nTo check that the <code>rlogin</code> service is disabled in system boot configuration with xinetd, run the following command:\n<pre>$ chkconfig <code>rlogin</code> --list</pre>\nOutput should indicate the <code>rlogin</code> service has either not been installed, or has been disabled, as shown in the example below:\n<pre>$ chkconfig <code>rlogin</code> --list\n\nNote: This output shows SysV services only and does not include native\nsystemd services. SysV configuration data might be overridden by native\nsystemd configuration.\n\nIf you want to list systemd services use 'systemctl list-unit-files'.\nTo see services enabled on particular target use\n'systemctl list-dependencies [target]'.\n\n<code>rlogin</code>       off</pre>\n\nTo check that the <code>rlogin</code> socket is disabled in system boot configuration with systemd, run the following command:\n<pre>$ systemctl is-enabled <code>rlogin</code></pre>\nOutput should indicate the <code>rlogin</code> socket has either not been installed,\nor has been disabled at all runlevels, as shown in the example below:\n<pre>$ sudo systemctl is-enabled <code>rlogin</code><br/>disabled</pre>\n\nRun the following command to verify <code>rlogin</code> is not active (i.e. not running) through current runtime configuration:\n<pre>$ sudo systemctl is-active rlogin</pre>\n\nIf the socket is not running the command will return the following output:\n<pre>inactive</pre>\n\nThe socket will also be masked, to check that the <code>rlogin</code> is masked, run the following command:\n<pre>$ sudo systemctl show <code>rlogin</code> | grep \"LoadState\\|UnitFileState\"</pre>\n\nIf the socket is masked the command will return the following outputs:\n\n<pre>LoadState=masked</pre>\n\n<pre>UnitFileState=masked</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_rlogin_disabled.sh", "relative_path": "ubuntu2204/checks/sce/service_rlogin_disabled.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable rlogin Service", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml", "template": {"name": "service_disabled", "vars": {"servicename": "rlogin", "packagename": "rsh-server"}, "backends": {}}}