R-Services

By Danny Kalev, ITworld |  How-to 3 comments

January 04, 2002, 12:00 AM This week, I will discuss the so-called R-services that provide various
levels of interaction and command execution on a remote host. I will
then show how to disable these services to eliminate their potential
security risks.

A Note on Security
All the R-services ("R" stands for "remote") are solid, convenient, and
reliable tools when used inside a closed local network, preferably
secured by a firewall. However, they easily turn into a dangerous
security loophole when used in a public, open network or a Web server.
Therefore, you should usually disable them on public Web servers.

rlogin
The rlogin (remote login) utility enables a user to log automatically
into a remote machine without having to supply a username and a
password. Once you have logged in, rlogin provides a telnet-like
interface. For example, if you have two machines called "mac1"
and "mac2" that are connected to each other on the same network, you
can log into mac1 from mac2 using the following command:

$rlogin mac2

The automatic login is enabled only for known usernames that have a
matching .rhosts entry; otherwise, the user will still be prompted for
a valid username and a password. To disable rlogin, remove or comment
out the rlogind (the rlogin server) entry from inetd.conf. In addition,
you should delete /etc/hosts.equiv and any .rhosts files from your
system.

rsh
The rsh (remote shell) service allows execution of remote commands. The
rsh program runs on a client that connects to a remote host. rsh opens
a shell on the remote host in which the command executes. To disable
rsh, comment out the rshd entry in the inetd.conf file.

rexec
The rexec (remote execution) service offers remote command execution,
similar to rsh. The only difference is that the user must supply a
username and a password to execute a command using rexec. To disable
rexec, remove or comment out the rexecd entry from inetd.conf.

rwho
The rwho (remote who) service reports information on currently logged
users on a remote host. The information gained this way can be quite
dangerous if it reaches the hands of professional crackers. To disable
this service, comment out the rwhod entry in the inetd.conf file.

3 comments

    Anonymous 1 year ago
    Bit by bit, the US Environmental protective covering government agency follows locomoting swiss replica watches to limit the gases that scientists say cause global warming. Over five years, the agency is rolex watches limiting auto emissions and is also requiring new industrial plants to use improved pollution controls.
    Flag comment  |  Permalink Reply
    Anonymous 3 years ago
    Only article I found that explains what the services actually do! Thanks
    Flag comment  |  Permalink Reply
    Anonymous 3 years ago
    Only article I found that explains what the services actually do! Thanks
    Flag comment  |  Permalink Reply

      Add a comment

      Post a comment using one of these accounts
      Or join now
      At least 6 characters

      Note: Comment will appear soon after you have activated your account.
      Obscene/spam comments will be removed and accounts suspended.
      The information you submit is subject to our Privacy Policy and Terms of Service.

      ITworld LIVE

      Answers - Powered by ITworld

      ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

      Join Now

      New questions

      How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
      0 answers
      What mobile apps are the worst offenders to user privacy?
      2 answers
      What are the main advantages/disadvantages of a hybrid cloud model vs. the public cloud?
      2 answers
      How do you bill for independent sales reps in a company IT contract?
      2 answers
      What would it take for you to allow a company to REALLY track all of your web use?
      2 answers
      View more questions

      Ask a question

      Join Now or Sign In to ask a question.
      Ask a Question