Check: UBTU-20-010405
Canonical Ubuntu 20.04 LTS STIG:
UBTU-20-010405
(in versions v1 r12 through v1 r1)
Title
The Ubuntu operating system must not have the telnet package installed. (Cat I impact)
Discussion
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
Check Content
Verify that the telnet package is not installed on the Ubuntu operating system by running the following command: $ dpkg -l | grep telnetd If the package is installed, this is a finding.
Fix Text
Remove the telnet package from the Ubuntu operating system by running the following command: $ sudo apt-get remove telnetd
Additional Identifiers
Rule ID: SV-238326r877396_rule
Vulnerability ID: V-238326
Group Title: SRG-OS-000074-GPOS-00042
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000197 |
The information system, for password-based authentication, transmits only cryptographically-protected passwords. |
Controls
Number | Title |
---|---|
IA-5 (1) |
Password-Based Authentication |