|
- # 2.3.3 Ensure talk client is not installed
- #
- # Description
- # ===========
- # The talk software makes it possible for users to send and receive messages
- # across systems through a terminal session. The talk client, which allows
- # initialization of talk sessions, is installed by default.
- #
- # Rationale
- # =========
- # The software presents a security risk as it uses unencrypted protocols
- # for communication.
- #
- # Audit
- # =====
- # Run the following command and verify talk is not installed:
- #
- # dpkg -s talk
- #
- # Remediation
- # ===========
- # Run the following command to uninstall talk :
- #
- # apt-get remove talk
- #
- # Impact
- # ======
- # Many insecure service clients are used as troubleshooting tools and in
- # testing environments. Uninstalling them can inhibit capability to test
- # and troubleshoot. If they are required it is advisable to remove the clients
- # after use to prevent accidental or intentional misuse.
- #
- parameters:
- linux:
- system:
- package:
- talk:
- version: removed
|
