R-Services

This week, I will discuss the so-called R-services that provide various levels of interaction and command execution on a remote host. I will then show how to disable these services to eliminate their potential security risks.

A Note on Security

All the R-services ("R" stands for "remote") are solid, convenient, and reliable tools when used inside a closed local network, preferably secured by a firewall. However, they easily turn into a dangerous security loophole when used on a public, open network or on a Web server. Therefore, you should usually disable them on public Web servers.

rlogin

The rlogin (remote login) utility enables a user to log automatically into a remote machine without having to supply a username and a password. Once you have logged in, rlogin provides a telnet-like interface. For example, if you have two machines called "mac1" and "mac2" that are connected to each other on the same network, you can log into mac1 from mac2 using the following command:

$ rlogin mac1

The automatic login is enabled only for known usernames that have a matching .rhosts entry; otherwise, the user will still be prompted for a valid username and a password. To disable rlogin, remove or comment out the rlogind (the rlogin server) entry from inetd.conf. In addition, you should delete /etc/hosts.equiv and any .rhosts files from your system.

rsh

The rsh (remote shell) service allows execution of remote commands. The rsh program runs on a client that connects to a remote host. rsh opens a shell on the remote host in which the command executes. To disable rsh, comment out the rshd entry in the inetd.conf file.

rexec

The rexec (remote execution) service offers remote command execution, similar to rsh. The only difference is that the user must supply a username and a password to execute a command using rexec. To disable rexec, remove or comment out the rexecd entry from inetd.conf.

rwho

The rwho (remote who) service reports information on currently logged-in users on a remote host. The information gained this way can be quite dangerous if it reaches the hands of professional crackers. To disable this service, comment out the rwhod entry in the inetd.conf file.
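
The following script is an added example, not part of the original article: it audits an inetd.conf file for active entries that launch the daemons named above, writes a copy with those entries commented out, and lists the hosts.equiv and .rhosts files to delete. It assumes the usual inetd.conf layout (server program in field 6, daemon name in field 7 when wrapped by tcpd); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf for the daemons the article names and
# list the trust files it says to delete. Sample data below is constructed.

R_RE='(rlogind|rshd|rexecd|rwhod)$'

# Print active (uncommented) entries whose server program is an R-service daemon.
# Field 6 is the server path; field 7 is checked for tcpd-wrapped entries.
list_active_rservices() {
    awk -v re="$R_RE" '!/^[ \t]*#/ && ($6 ~ re || $7 ~ re)' "$1"
}

# Emit a copy of the file with those entries commented out.
disable_rservices() {
    awk -v re="$R_RE" '
        !/^[ \t]*#/ && ($6 ~ re || $7 ~ re) { print "#" $0; next }
        { print }' "$1"
}

# List hosts.equiv and .rhosts files under a directory tree.
find_trust_files() {
    find "$1" -type f \( -name .rhosts -o -name hosts.equiv \) | sort
}

# --- constructed sample tree (not from a real host) ---
TMP=$(mktemp -d) && trap 'rm -rf "$TMP"' EXIT
mkdir -p "$TMP/etc" "$TMP/home/alice"
cat > "$TMP/etc/inetd.conf" <<'EOF'
ftp    stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd
login  stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
shell  stream tcp nowait root /usr/sbin/tcpd       in.rshd
#exec  stream tcp nowait root /usr/sbin/in.rexecd  in.rexecd
EOF
echo "mac2 alice" > "$TMP/home/alice/.rhosts"
echo "mac2"       > "$TMP/etc/hosts.equiv"

echo "Active R-service entries:"; list_active_rservices "$TMP/etc/inetd.conf"
echo "Trust files to delete:";    find_trust_files "$TMP"
# Review the rewritten copy before installing it and reloading inetd.
disable_rservices "$TMP/etc/inetd.conf" > "$TMP/etc/inetd.conf.new"
```

On a real host, point the functions at /etc/inetd.conf and at the file systems that hold home directories, then rerun list_active_rservices on the edited file to confirm it prints nothing.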
