STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide

V-253065

CAT II (Medium)

TOSS must not have the rsh-server package installed.

Rule ID

SV-253065r987796_rule

STIG

Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide

Version

V2R5

CCIs

CCI-000197CCI-000381

Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. The rsh-server service provides an unencrypted remote access service that does not provide for the confidentiality and integrity of user passwords or the remote session and has very weak authentication. Satisfies: SRG-OS-000074-GPOS-00042, SRG-OS-000095-GPOS-00049

Check Content

Check to see if the rsh-server package is installed with the following command:

$ sudo yum list installed rsh-server

If the rsh-server package is installed, this is a finding.

Fix Text

Configure the operating system to disable nonessential capabilities by removing the rsh-server package from the system with the following command:

$ sudo yum remove rsh-server