Operating System - HP-UX

Re: rlogin entries in inetd.conf - Vulnerability

 
sapoguheman
Frequent Advisor

rlogin entries in inetd.conf - Vulnerability

Hi All,

 

My security team has raised a concern regarding the rlogin entry in the inetd.conf and asked me to hash stop the service.

 

I don't have any rhosts or hosts.equiv files on my server.

 

 

My question is:

1. I have an rlogin entry in the inetd.conf file but don't have rhosts or hosts.equiv. Will rlogin still work, or could rlogin still be considered vulnerable?

 

 

Thanks in advance

Bill Hassell
Honored Contributor

Re: rlogin entries in inetd.conf - Vulnerability

>> will rlogin still work or could it be still considered as rlogin as vulnerable.

 

Absolutely yes, 100% of the so-called 'r' commands (rlogin, remsh, rexec and rcp) are NOT secure since the passwords are sent without encryption. The lack of .rhosts and hosts.equiv means that rlogin will ask you for the password first, then log you in but the 'r' commands still work.

 

However the passwords will be transmitted in plain text so any network trace can see them. For this reason, all Unix systems should disable telnet, ftp and the 'r' commands, and use nothing but ssh and scp.

 

 In inetd.conf, these lines should be commented:

#  login        stream tcp6 nowait root /usr/lbin/rlogind  rlogind
#  shell        stream tcp6 nowait root /usr/lbin/remshd   remshd
#  exec         stream tcp6 nowait root /usr/lbin/rexecd   rexecd


Bill Hassell, sysadmin
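
An added example, not part of the original posts: a POSIX shell check that reports which of the cleartext services named above (login, shell, exec, telnet, ftp) are still uncommented in an inetd.conf file. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Services that send passwords in cleartext, as named in the reply above.
CLEARTEXT_SERVICES="login shell exec telnet ftp"

# audit_inetd FILE
# Prints "ACTIVE <service> <server path>" for every uncommented entry whose
# first field is one of the cleartext services.
# Returns 1 if at least one such entry is active, 0 if none are.
audit_inetd() {
    awk -v list="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(list, s, " "); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # commented-out or blank line
        ($1 in bad) { printf "ACTIVE %s %s\n", $1, $6; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample inetd.conf: login and exec are disabled (one with
# leading whitespace before the #), shell and telnet are still enabled.
make_sample() {
    cat <<'EOF'
# Constructed sample, not taken from a real host
#  login   stream tcp6 nowait root /usr/lbin/rlogind  rlogind
shell      stream tcp6 nowait root /usr/lbin/remshd   remshd
   #  exec stream tcp6 nowait root /usr/lbin/rexecd   rexecd
telnet     stream tcp6 nowait root /usr/lbin/telnetd  telnetd
daytime    stream tcp6 nowait root internal
EOF
}

# Stand-alone use: pass the path of the file to audit as the first argument.
if [ "$#" -gt 0 ]; then
    audit_inetd "$1"
fi
```
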
RJHall
Frequent Advisor

Re: rlogin entries in inetd.conf - Vulnerability

You can also make sure the r* commands remain blocked with the inetd.sec(4) file. For example:

 

$ cat /var/adm/inetd.sec
login deny
exec deny
shell deny

and so forth...

sapoguheman
Frequent Advisor

Re: rlogin entries in inetd.conf - Vulnerability

Hi Bill,

 

Can I get any supporting documents for the same?

 

Thanks

Bill Hassell
Honored Contributor

Re: rlogin entries in inetd.conf - Vulnerability

>> Can i get any supporting documents for the same.

 

I am very unclear about your question.

 

Do you need documents about how to edit the inetd.conf file?

Or how to signal the changes in inetd.conf?

Or how rlogin/rexec/remsh work?

Or something stating that the 'r' commands transmit unencrypted passwords?

Or that telnet and ftp have the same vulnerability?

 



Bill Hassell, sysadmin
sapoguheman
Frequent Advisor

Re: rlogin entries in inetd.conf - Vulnerability

I need some supporting documents which mention that even keeping the rlogin entry in inetd.conf is vulnerable even though it doesn't have any rhosts / hosts.equiv files.

 

 

I tried on a few servers where rhosts / hosts.equiv files are not present, but I am still able to log in from root to root with a password on a few servers, and on some servers it doesn't work.

 

 

Thanks

 

 

 

Bill Hassell
Honored Contributor

Re: rlogin entries in inetd.conf - Vulnerability

How about this:

https://en.wikipedia.org/wiki/Rlogin

 

If you are concerned about security, disabling rlogin is a minuscule step towards reducing system vulnerabilities.

Why are you using rlogin rather than telnet?

 

But more important, why are you not using ssh?



Bill Hassell, sysadmin
Bill Hassell
Honored Contributor

Re: rlogin entries in inetd.conf - Vulnerability

>> I tried on few servers where rhosts / hosts.equiv files are not present but still am able to login from root to root with password for few servers and on some servers it doesn't work.

 

...doesn't work...

 

That is not helpful to determine the problem. "Some servers don't work" could mean that the servers are dead, or that rlogind is not enabled. The .rhosts and hosts.equiv files simply allow login without having to type a password. The password that you type using rlogin is visible to anyone looking at your network traffic.



Bill Hassell, sysadmin
sapoguheman
Frequent Advisor

Re: rlogin entries in inetd.conf - Vulnerability

I am using ssh.

I wanted to justify to a few teams that even keeping the rlogin entry in inetd.conf is vulnerable.

Bill Hassell
Honored Contributor

Re: rlogin entries in inetd.conf - Vulnerability

>> I wanted to justify few teams that even keeping rlogin entry in inetd.conf is vulnerable .

 

Keeping rlogin in inetd.conf isn't the issue. Using rlogin is the problem. You stop users from running rlogin (and rcp and remsh and rexec and telnet and ftp) by turning off the daemons in inetd.conf. Most data centers forbid the use of these services. And good Unix auditors will write findings when these services are discovered.



Bill Hassell, sysadmin