How i can check which services use rsh in unix-aix?

Question

I want to disable rsh in my unix box for security issues , but after do that i have to check if any service use it to handle it , so that anyone know how i can list all services or application use rsh ?

Answer 1

Almost nothing uses rsh. Some systems will do remote backups by using rsh to dump to a remote tape drive by running rmt(8). But if your system was being used by remote clients to do tape backups, you would already know. Aside from that there will be nothing.

In your position I would simply disable the service. No Unix systems designed for production work should ship with rsh enabled these days anyway.

If you are very cautious you can modify your inetd.conf entry for rsh by using something like tcpwappers so that attempts to use rsh produce a log message to the system log. You can also use tcpwrappers to either allow the request after issuing the log message, or drop the connection.

Answer 2

When you rsh from host A to host B, you should see such a login on host B's access log (wtmp / btmp).

If you want to discover this only on host A, it seems that you need to scan through all your services / cron job / etc and inspect one by one.

If you're sure the rsh fires frequently enough (e.g. not only once per year), mirror the network port on the switch (which connects to host A), capture the packets and see where it goes.