UCF STIG Viewer Logo

Network devices must have BSDr commands disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14669 NET0744 SV-15313r3_rule Medium
Description
Berkeley Software Distribution (BSD) "r" commands allow users to execute commands on remote systems using a variety of protocols. The BSD "r" commands (e.g., rsh, rlogin, rcp, rdump, rrestore, and rdist) are designed to provide convenient remote access without passwords to services such as remote command execution (rsh), remote login (rlogin), and remote file copy (rcp and rdist). The difficulty with these commands is they use address-based authentication. An attacker who convinces a server that he is coming from a "trusted" machine can essentially get complete and unrestricted access to a system. The attacker can convince the server by impersonating a trusted machine and using IP address, by confusing DNS so that DNS thinks that the attacker's IP address maps to a trusted machine's name, or by any of a number of other methods.
STIG Date
Infrastructure L3 Switch Security Technical Implementation Guide 2019-01-09

Details

Check Text ( C-12779r5_chk )
Review the device configuration and verify there are no BSDr commands (e.g., rsh, rlogin, rcp, rdump, rrestore, and rdist) enabled.

If BSDr commands are enabled, this is a finding.
Fix Text (F-14130r4_fix)
Configure the device to disable BSDr command services.