id: linux-rexec-service

info:
  name: rexec Service Should Be Disabled
  author: songyaeji
  severity: high
  description: |
    Assessed the operational status of the rexec service on the system.Running rexec could have allowed unauthorized users to gain access or extract sensitive information, representing a significant security risk.
  reference:
    - https://isms.kisa.or.kr
  tags: linux,audit,kisa,compliance

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      if grep -i 'disable[[:space:]]*=[[:space:]]*no' /etc/xinetd.d/rexec 2>/dev/null; then
          echo "[VULNERABLE] rexec service is enabled"
      else
          echo "[SAFE] rexec service is disabled"
      fi

    matchers:
      - type: word
        part: response
        words:
          - "[VULNERABLE]"
# digest: 4b0a00483046022100b9f764d888e182b047952ab369bb146824c1174e629253cd986c97d1bf88004e022100b16d78c126be1d7b60427ca3ddd028c56fce2f2384951323567732f9b14fd64f:922c64590222798bb761d5b6d8e72950