id: linux-rsh-service

info:
  name: rsh Service Should Be Disabled
  author: songyaeji
  severity: high
  description: |
   Assessed the operational status of the rsh service on the system.Running rsh could have allowed unauthorized users to gain access or extract sensitive information, representing a significant security risk.
  reference:
    - https://isms.kisa.or.kr
  tags: linux,local,audit,kisa,compliance

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      if grep -i 'disable[[:space:]]*=[[:space:]]*no' /etc/xinetd.d/rsh 2>/dev/null; then
          echo "[VULNERABLE] rsh service is enabled"
      else
          echo "[SAFE] rsh service is disabled"
      fi

    matchers:
      - type: word
        part: response
        words:
          - "[VULNERABLE]"
# digest: 490a00463044022033b38de938931e97c6dae4db07a43ccf5b914fdc77d09467f50ed7f9fe8e027e0220453f6d5a24c1e28bfaab7ac33a33aa2ab1de8c671b76ac3a76df3d8efe0e7ab7:922c64590222798bb761d5b6d8e72950