RSH service

Post Reply
User avatar
sunder.J
Member
Posts: 35
Joined: 05 Feb 2010 07:40
Location: Chennai, India
Contact:

RSH service

Post by sunder.J » 12 Apr 2014 11:40

Hi,

One of our customer has asked us to disable the "RSH - remote shell service" as this is a vulnerability as per their policy. Request help and comments to overcome this. Also does enabling security feature in OXE help to over come this .

Regards,
Sunder.J

User avatar
tgn
Member
Posts: 795
Joined: 30 Dec 2009 17:59
Location: Germany

Re: RSH service

Post by tgn » 12 Apr 2014 14:57

rsh cannot turned of (because it's needed by some equipment like pcs)
the oxe trusted hosts feature takes care of it (a little bit). much more configurable and transparent in used rules is an external firewall. ask your customer which kind of security feature he'll prefer...

regards...
--- back to basics... focus your eyes to the essential things... ---

User avatar
sunder.J
Member
Posts: 35
Joined: 05 Feb 2010 07:40
Location: Chennai, India
Contact:

Re: RSH service

Post by sunder.J » 15 Apr 2014 10:13

Thanks for your reply. If PCS or spatial CS is not there will turning on trusted host suffice.Also Is there any document from ALE on this.
Regards,
Sunder.J

User avatar
tgn
Member
Posts: 795
Joined: 30 Dec 2009 17:59
Location: Germany

Re: RSH service

Post by tgn » 17 Apr 2014 17:39

there is a little bit description in "system documentation/security/detailed description"
search for "trusted host" there.
if you don't trust this table. you can look also in the configuration files of the tcp-wrapper ("hosts.allow", "hosts.deny", etc...) which is in use by the trusted host feature.

regards...
--- back to basics... focus your eyes to the essential things... ---

User avatar
sunder.J
Member
Posts: 35
Joined: 05 Feb 2010 07:40
Location: Chennai, India
Contact:

Re: RSH service

Post by sunder.J » 16 May 2014 10:57

Enabling SSH feature , disables rsh feature. You can check rsh status under location.

/etc/xinetd.d/rsh

User avatar
tgn
Member
Posts: 795
Joined: 30 Dec 2009 17:59
Location: Germany

Re: RSH service

Post by tgn » 16 May 2014 12:35

yes. this will work too. but now a 8770/4760 needs an extra license to connect.

regards...
--- back to basics... focus your eyes to the essential things... ---

Post Reply

Return to “Security and Access Control”