id: linux-rsh-service

info:
  name: rsh Service Should Be Disabled
  author: songyaeji
  severity: high
  description: |
   Assessed the operational status of the rsh service on the system.Running rsh could have allowed unauthorized users to gain access or extract sensitive information, representing a significant security risk.
  reference:
    - https://isms.kisa.or.kr
  tags: linux,audit,kisa,compliance

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      if grep -i 'disable[[:space:]]*=[[:space:]]*no' /etc/xinetd.d/rsh 2>/dev/null; then
          echo "[VULNERABLE] rsh service is enabled"
      else
          echo "[SAFE] rsh service is disabled"
      fi

    matchers:
      - type: word
        part: response
        words:
          - "[VULNERABLE]"
# digest: 4a0a004730450220769c9a01934309c038df730fc01c350eab2515a5697cb8d64619807408cc2ad30221009975541349bc4ceafb0ad04496ec587bea30aa7133d3f6650b342f3a07827186:922c64590222798bb761d5b6d8e72950