UCF STIG Viewer Logo

The rexecd service must not be installed.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22434 GEN003845 SV-38911r1_rule ECSC-1 Medium
Description
The rexecd process provides a typically unencrypted, host-authenticated remote access service. SSH should be used in place of this service.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-36876r1_chk )
Determine if the rexecd service is installed. If it is, this is a finding.

# ls -l `which rexecd`

The rexecd is part of the bos.net.tcp.client fileset and is not removable.
Fix Text (F-31863r1_fix)
#chmod 000 /usr/sbin/rexecd