code/linux/audit/rsh-client.yaml

id: rsh-client

info:
  name: Ensure rsh Client is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The rsh-client package provides the Remote Shell client, which transmits data in plaintext and is considered insecure.If not explicitly required, it should be removed to reduce exposure to unauthorized remote access.
  remediation: |
    Ensure the rsh-client package is not installed unless explicitly required.To remove the package, run: sudo apt-get remove rsh-client -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu,rsh

self-contained: true

code:
  - engine:
      - bash

    args:
      - "-c"
      - |
        # Check if the rsh-client package is installed
        if dpkg-query -W -f='${Status}' rsh-client 2>/dev/null | grep -q "install ok installed"; then
          echo "[cis-rsh-client-check:Policy-Fail] [rsh-client is installed] [CIS_FAIL]"
        else
          echo "[cis-rsh-client-check:Policy-Pass] [rsh-client is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4a0a00473045022100f533077d301c1f42c4d08231ece267cb23ed7b5c19ba1d044c4b1a84dcc14b7f02207cd04519969a2f4f6d584e3b3d04aec08b4eb4f85c07337d2692f13c1ca23791:922c64590222798bb761d5b6d8e72950
Local tag - update 2025-08-28 23:41:32 +05:30			`id: rsh-client`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00
			`info:`
			`name: Ensure rsh Client is Not Installed`
			`author: Th3l0newolf`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`severity: info`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`description: \|`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`The rsh-client package provides the Remote Shell client, which transmits data in plaintext and is considered insecure.If not explicitly required, it should be removed to reduce exposure to unauthorized remote access.`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`remediation: \|`
fix-trail-lint-error 2025-08-19 18:38:32 +05:30			`Ensure the rsh-client package is not installed unless explicitly required.To remove the package, run: sudo apt-get remove rsh-client -y`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`reference:`
			`- https://www.cisecurity.org/benchmark/ubuntu_linux`
			`metadata:`
			`verified: true`
Local tag - update 2025-08-28 23:41:32 +05:30			`tags: cis,local,cisecurity,audit,linux,ubuntu,rsh`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00
			`self-contained: true`

			`code:`
			`- engine:`
			`- bash`

			`args:`
			`- "-c"`
			`- \|`
			`# Check if the rsh-client package is installed`
			`if dpkg-query -W -f='${Status}' rsh-client 2>/dev/null \| grep -q "install ok installed"; then`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`echo "[cis-rsh-client-check:Policy-Fail] [rsh-client is installed] [CIS_FAIL]"`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`else`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`echo "[cis-rsh-client-check:Policy-Pass] [rsh-client is not installed] [CIS_PASS]"`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`fi`

			`matchers:`
			`- type: word`
			`name: policy-pass`
			`words:`
			`- "Policy-Pass"`

			`- type: word`
			`name: policy-fail`
			`words:`
chore: sign templates 🤖 2025-08-21 12:45:03 +00:00			`- "Policy-Fail"`
chore: sign templates 🤖 2025-08-29 10:06:03 +00:00			`# digest: 4a0a00473045022100f533077d301c1f42c4d08231ece267cb23ed7b5c19ba1d044c4b1a84dcc14b7f02207cd04519969a2f4f6d584e3b3d04aec08b4eb4f85c07337d2692f13c1ca23791:922c64590222798bb761d5b6d8e72950`