UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

AIX must disable /usr/bin/rcp, /usr/bin/rlogin, /usr/bin/rsh, /usr/bin/rexec and /usr/bin/telnet commands.


Overview

Finding ID Version Rule ID IA Controls Severity
V-91295 AIX7-00-003005 SV-101393r1_rule High
Description
The listed applications permit the transmission of passwords in plain text. Alternative applications such as SSH, which encrypt data, should be use instead.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2019-04-29

Details

Check Text ( C-90449r1_chk )
From the command prompt, execute the following commands:
# ls -l /usr/bin/rcp | awk '{print $1}'
# ls -l /usr/bin/rlogin | awk '{print $1}'
# ls -l /usr/bin/rsh | awk '{print $1}'
# ls -l /usr/bin/telnet | awk '{print $1}'
# ls -l /usr/bin/rexec | awk '{print $1}'

Each of the above commands should return with the following permissions:
----------

If the permissions are more permissive, this is a finding.
Fix Text (F-97493r1_fix)
Use the chmod command to remove all permissions on these commands:
# chmod ugo= /usr/bin/rcp
# chmod ugo= /usr/bin/rlogin
# chmod ugo= /usr/bin/rsh
# chmod ugo= /usr/bin/rexec
# chmod ugo= /usr/bin/telnet