|
12345678910111213141516171819202122232425262728293031323334353637383940 |
- # 2.3.4 Ensure telnet client is not installed
- #
- # Description
- # ===========
- # The telnet package contains the telnet client, which allows users to start
- # connections to other systems via the telnet protocol.
- #
- # Rationale
- # =========
- # The telnet protocol is insecure and unencrypted. The use of an unencrypted
- # transmission medium could allow an unauthorized user to steal credentials.
- # The ssh package provides an encrypted session and stronger security and is
- # included in most Linux distributions.
- #
- # Audit
- # =====
- # Run the following command and verify telnet is not installed:
- #
- # # dpkg -s telnet
- #
- # Remediation
- # ===========
- # Run the following command to uninstall telnet :
- #
- # # apt-get remove telnet
- #
- # Impact
- # ======
- # Many insecure service clients are used as troubleshooting tools and in
- # testing environments. Uninstalling them can inhibit capability to test and
- # troubleshoot. If they are required it is advisable to remove the clients
- # after use to prevent accidental or intentional misuse.
- #
- parameters:
- linux:
- system:
- package:
- telnet:
- version: removed
-
|