{"description": "\nThe <tt>rsh-client</tt> package contains the client commands\n\nfor the rsh services", "rationale": "These legacy clients contain numerous security exposures and have\nbeen replaced with the more secure SSH package. Even if the server is removed,\nit is best to ensure the clients are also removed to prevent users from\ninadvertently attempting to use these commands and therefore exposing\n\ntheir credentials. Note that removing the <tt>rsh-client</tt> package removes\n\nthe clients for <tt>rsh</tt>,<tt>rcp</tt>, and <tt>rlogin</tt>.", "severity": "unknown", "references": {"cui": ["3.1.13"], "hipaa": ["164.308(a)(4)(i)", "164.308(b)(1)", "164.308(b)(3)", "164.310(b)", "164.312(e)(1)", "164.312(e)(2)(ii)"], "iso27001-2013": ["A.8.2.3", "A.13.1.1", "A.13.2.1", "A.13.2.3", "A.14.1.2", "A.14.1.3"], "anssi": ["R62"], "cis": ["2.2.2"], "pcidss4": ["2.2.4", "2.2"]}, "control_references": {"anssi": ["R62"], "cis": ["2.2.2"], "pcidss4": ["2.2.4", "2.2"]}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": "The <code>rsh-client</code> package can be removed with the following command: <pre> $ apt-get remove rsh-client</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Uninstall rsh Package", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml", "template": {"name": "package_removed", "vars": {"pkgname": "rsh-client"}, "backends": {}}}