id: linux-rexec-service

info:
  name: rexec Service Should Be Disabled
  author: songyaeji
  severity: high
  description: |
    Assessed the operational status of the rexec service on the system.Running rexec could have allowed unauthorized users to gain access or extract sensitive information, representing a significant security risk.
  reference:
    - https://isms.kisa.or.kr
  tags: linux,local,audit,kisa,compliance

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      if grep -i 'disable[[:space:]]*=[[:space:]]*no' /etc/xinetd.d/rexec 2>/dev/null; then
          echo "[VULNERABLE] rexec service is enabled"
      else
          echo "[SAFE] rexec service is disabled"
      fi

    matchers:
      - type: word
        part: response
        words:
          - "[VULNERABLE]"
# digest: 490a00463044022003bbbed1e0bd7a6f80f662b6ecc935324f16f9097cf8c7fddaebca4e567fc26f02204a000af2bb0c14fb63940f14fd5e04647a2e49f2d56fecb1555ec9573f42c439:922c64590222798bb761d5b6d8e72950