AIX must disable /usr/bin/rcp, /usr/bin/rlogin, /usr/bin/rsh, /usr/bin/rexec and /usr/bin/telnet commands.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-215322 | AIX7-00-003005 | SV-215322r508663_rule | High |
| Description |
|---|
| The listed applications permit the transmission of passwords in plain text. Alternative applications such as SSH, which encrypt data, should be use instead. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2022-06-06 |
Details
| Check Text ( C-16520r294417_chk ) |
|---|
| From the command prompt, execute the following commands: # ls -l /usr/bin/rcp | awk '{print $1}' # ls -l /usr/bin/rlogin | awk '{print $1}' # ls -l /usr/bin/rsh | awk '{print $1}' # ls -l /usr/bin/telnet | awk '{print $1}' # ls -l /usr/bin/rexec | awk '{print $1}' Each of the above commands should return with the following permissions: ---------- If the permissions are more permissive, this is a finding. |
| Fix Text (F-16518r294418_fix) |
|---|
| Use the chmod command to remove all permissions on these commands: # chmod ugo= /usr/bin/rcp # chmod ugo= /usr/bin/rlogin # chmod ugo= /usr/bin/rsh # chmod ugo= /usr/bin/rexec # chmod ugo= /usr/bin/telnet |