https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765061#M729448 <P>How about this:</P><P><A href="https://en.wikipedia.org/wiki/Rlogin" target="_blank">https://en.wikipedia.org/wiki/Rlogin</A></P><P>&nbsp;</P><P>If you are concerned about security, disabling rlogin is a miniscule step towards reducing system vulnerabilities.</P><P>Why are you using rlogin rather than telnet?</P><P>&nbsp;</P><P>But more important, why are you not using ssh?</P> Wed, 15 Jul 2015 11:27:11 GMT Bill Hassell 2015-07-15T11:27:11Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6764765#M729442 <P>Hi All,</P><P>&nbsp;</P><P>My security team has raised a concern reagring the rlogin entry in the inetd.conf and asked me to hash stop the service.</P><P>&nbsp;</P><P>I dont have any rhosts or hosts.equiv files on my server .</P><P>&nbsp;</P><P>&nbsp;</P><P>My Question is :</P><P>&nbsp;</P><P>1. I have rlogin entry in inetd.conf file but dont have&nbsp;<SPAN> rhosts or hosts.equiv will rlogin still work or could it be still considered as rlogin as vulnerable.</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks In advance</P> Tue, 14 Jul 2015 15:43:04 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6764765#M729442 sapoguheman 2015-07-14T15:43:04Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6764828#M729443 <P>&gt;&gt; <SPAN>will rlogin still work or could it be still considered as rlogin as vulnerable.</SPAN></P><P>&nbsp;</P><P>Absolutely yes, 100% of the so-called <STRONG>'r'</STRONG> commands (<STRONG>rlogin</STRONG>, <STRONG>remsh, rexec</STRONG> and <STRONG>rcp</STRONG>) are NOT secure since the passwords are sent without encryption. The lack of <STRONG>.rhosts</STRONG> and <STRONG>hosts.equiv</STRONG> means that <STRONG>rlogin</STRONG> will ask you for the password first, then log you in but the<STRONG> 'r'</STRONG> commands still work.</P><P>&nbsp;</P><P>However the passwords will be transmitted in plain text so any network trace can see them. For this reason, all Unix systems should disable <STRONG>telnet, ftp</STRONG> and the <STRONG>'r'</STRONG> commands, and use nothing but <STRONG>ssh</STRONG> and <STRONG>scp</STRONG>.</P><P>&nbsp;</P><P>&nbsp;In inetd.conf, these lines should be commented:</P><PRE># login stream tcp6 nowait root /usr/lbin/rlogind rlogind # shell stream tcp6 nowait root /usr/lbin/remshd remshd # exec stream tcp6 nowait root /usr/lbin/rexecd rexecd</PRE> Tue, 14 Jul 2015 18:14:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6764828#M729443 Bill Hassell 2015-07-14T18:14:01Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6764919#M729444 <P>You can also make sure the r* commands remain blocked with the inetd.sec(4) file. For example:</P><P>&nbsp;</P><PRE>$ cat /var/adm/inetd.sec<BR />login deny exec deny shell deny</PRE><P>and so forth...</P> Tue, 14 Jul 2015 22:19:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6764919#M729444 RJHall 2015-07-14T22:19:51Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765043#M729445 <P>Hi Bill,</P><P>&nbsp;</P><P>Can i get any supporting documents for the same .</P><P>&nbsp;</P><P>Thanks</P> Wed, 15 Jul 2015 09:40:43 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765043#M729445 sapoguheman 2015-07-15T09:40:43Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765052#M729446 <P>&gt;&gt; Can i get any supporting documents for the same.</P><P>&nbsp;</P><P>I am very unclear about your question.</P><P>&nbsp;</P><P>Do you need documents about how edit the inetd.conf file?</P><P>Or how to signal the changes in inetd.conf?</P><P>Or how rlogin/rexec/remsh work?</P><P>Or somethng stating that the 'r' commands transmit unexncrypted passwords?</P><P>Or that telnet and ftp have the same vulnerability?</P><P>&nbsp;</P> Wed, 15 Jul 2015 10:40:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765052#M729446 Bill Hassell 2015-07-15T10:40:19Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765056#M729447 <P>I need some supporting documents which mentions even keeping rlogin entry in inetd.conf is vulnerable even though it doesnt have ant rhosts / hosts.equiv files.</P><P>&nbsp;</P><P>&nbsp;</P><P>I tried on few servers where&nbsp;<SPAN>rhosts / hosts.equiv files are not present but still am able to login from root to root with passord for fews server and on some servers it doesnt works.</SPAN></P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 15 Jul 2015 11:23:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765056#M729447 sapoguheman 2015-07-15T11:23:31Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765061#M729448 <P>How about this:</P><P><A href="https://en.wikipedia.org/wiki/Rlogin" target="_blank">https://en.wikipedia.org/wiki/Rlogin</A></P><P>&nbsp;</P><P>If you are concerned about security, disabling rlogin is a miniscule step towards reducing system vulnerabilities.</P><P>Why are you using rlogin rather than telnet?</P><P>&nbsp;</P><P>But more important, why are you not using ssh?</P> Wed, 15 Jul 2015 11:27:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765061#M729448 Bill Hassell 2015-07-15T11:27:11Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765064#M729449 <P>&gt;&gt; I tried on few servers where&nbsp;<SPAN>rhosts / hosts.equiv files are not present but still am able to login from root to root with passord for fews server and on some servers it doesnt works.</SPAN></P><P>&nbsp;</P><P>...doesn't work...</P><P>&nbsp;</P><P>That is not helpful to determine the problem. "Some servers don't work" could mean that the servers are dead, or that rlogind is not enabled. The .rhosts and hosts.equiv files simply allow login without having to type a password. The password that you type using rlogin is visible to anyone looking at your network traffic.</P> Wed, 15 Jul 2015 11:38:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765064#M729449 Bill Hassell 2015-07-15T11:38:14Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765069#M729450 <P>I am using ssh.</P><P>I wanted to justify few teams that even keeping rlogin entry in inetd.conf is vulnerable .</P> Wed, 15 Jul 2015 11:49:42 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765069#M729450 sapoguheman 2015-07-15T11:49:42Z https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765090#M729451 <P>&gt;&gt; I wanted to justify few teams that even keeping rlogin entry in inetd.conf is vulnerable .</P><P>&nbsp;</P><P>Keeping rlogin in inetd.conf isn't the issue. Using rlogin is the problem. You stop users from running rlogin (and rcp and remsh and rexec and telneet and ftp) by turning off the daemons in inetd.conf. Most data centers forbid the use of these services. And good Unix auditors will write findings when these services are discovered.</P> Wed, 15 Jul 2015 12:11:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/rlogin-entries-in-inetd-conf-vulnerability/m-p/6765090#M729451 Bill Hassell 2015-07-15T12:11:20Z