STIG ID: ALMA-09-030820 | SRG: SRG-OS-000095-GPOS-00049 | Severity: medium | CCI: | Vulnerability Id: V-269352
The "rsh-server" service provides unencrypted remote access service, which does not provide for the confidentiality and integrity of user passwords or the remote session and has very weak authentication. If a privileged user were to login using this service, the privileged user password could be compromised.
The "rsh-server" package provides several obsolete and insecure network services. Removing it decreases the risk of accidental (or intentional) activation of those services.
Remove the rsh-server package with the following command:
$ dnf remove rsh-server
Verify that the rsh-server package is not installed with the following command:
$ dnf list --installed rsh-server
Error: No matching Packages to list
If the "rsh-server" package is installed, this is a finding.