Description:
The rsync service can be used to synchronize files between systems over network
links.
Rationale:
The rsync service presents a security risk as it uses unencrypted protocols for
communication. The rsync package should be removed to reduce the attack area of the
system.
Audit:
Run the following command to verify rsync is not installed:
dpkg-query -W -f='${binary:Package}\t${Status}\t${db:Status-Status}\n' rsync
rsync unknown ok not-installed not-installed
OR
Run the following commands to verify that rsync is inactive and masked:
Profile Applicability: Level 1 - Server Level 1 - Workstation
Description: The rsync service can be used to synchronize files between systems over network links.
Rationale: The rsync service presents a security risk as it uses unencrypted protocols for communication. The rsync package should be removed to reduce the attack area of the system.
Audit: Run the following command to verify rsync is not installed:
OR Run the following commands to verify that rsync is inactive and masked: