R-Services
This week, I will discuss the so-called R-services that provide various
levels of interaction and command execution on a remote host. I will
then show how to disable these services to eliminate their potential
security risks.
A Note on Security
All the R-services ("R" stands for "remote") are solid, convenient, and
reliable tools when used inside a closed local network, preferably
secured by a firewall. However, they easily turn into a dangerous
security loophole when used in a public, open network or a Web server.
Therefore, you should usually disable them on public Web servers.
rlogin
The rlogin (remote login) utility enables a user to log automatically
into a remote machine without having to supply a username and a
password. Once you have logged in, rlogin provides a telnet-like
interface. For example, if you have two machines called "mac1"
and "mac2" that are connected to each other on the same network, you
can log into mac1 from mac2 using the following command:
$rlogin mac2
The automatic login is enabled only for known usernames that have a
matching .rhosts entry; otherwise, the user will still be prompted for
a valid username and a password. To disable rlogin, remove or comment
out the rlogind (the rlogin server) entry from inetd.conf. In addition,
you should delete /etc/hosts.equiv and any .rhosts files from your
system.
rsh
The rsh (remote shell) service allows execution of remote commands. The
rsh program runs on a client that connects to a remote host. rsh opens
a shell on the remote host in which the command executes. To disable
rsh, comment out the rshd entry in the inetd.conf file.
rexec
The rexec (remote execution) service offers remote command execution,
similar to rsh. The only difference is that the user must supply a
username and a password to execute a command using rexec. To disable
rexec, remove or comment out the rexecd entry from inetd.conf.
rwho
The rwho (remote who) service reports information on currently logged
users on a remote host. The information gained this way can be quite
dangerous if it reaches the hands of professional crackers. To disable
this service, comment out the rwhod entry in the inetd.conf file.
Read more about how-to in ITworld's How-to section
» posted by ITworld staff
ITworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
R-Services
Only article I found that explains what the services actually do! ThanksR-Services
Only article I found that explains what the services actually do! Thanks