id: rsh-client

info:
  name: Ensure rsh Client is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The rsh-client package provides the Remote Shell client, which transmits data in plaintext and is considered insecure.If not explicitly required, it should be removed to reduce exposure to unauthorized remote access.
  remediation: |
    Ensure the rsh-client package is not installed unless explicitly required.To remove the package, run: sudo apt-get remove rsh-client -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu,rsh

self-contained: true

code:
  - engine:
      - bash

    args:
      - "-c"
      - |
        # Check if the rsh-client package is installed
        if dpkg-query -W -f='${Status}' rsh-client 2>/dev/null | grep -q "install ok installed"; then
          echo "[cis-rsh-client-check:Policy-Fail] [rsh-client is installed] [CIS_FAIL]"
        else
          echo "[cis-rsh-client-check:Policy-Pass] [rsh-client is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4a0a00473045022100f533077d301c1f42c4d08231ece267cb23ed7b5c19ba1d044c4b1a84dcc14b7f02207cd04519969a2f4f6d584e3b3d04aec08b4eb4f85c07337d2692f13c1ca23791:922c64590222798bb761d5b6d8e72950