OL 9 must not have the rsh-server package installed.

STIG ID: OL09-00-000105  |  SRG: SRG-OS-000095-GPOS-00049 |  Severity: medium |  CCI: CCI-000381 |  Vulnerability Id: V-271457

Vulnerability Discussion

The "rsh-server" service provides unencrypted remote access service, which does not provide for the confidentiality and integrity of user passwords or the remote session and has very weak authentication. If a privileged user were to login using this service, the privileged user password could be compromised. The "rsh-server" package provides several obsolete and insecure network services. Removing it decreases the risk of accidental (or intentional) activation of those services.

Check

Verify that OL 9 does not have the rsh-server package installed with the following command:

$ dnf list --installed rsh-server
Error: No matching Packages to list

If the "rsh-server" package is installed, this is a finding.

Fix

Remove the rsh-server package with the following command:

$ sudo dnf remove rsh-server
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.