Title

The telnet daemon must not be running. (Cat I impact)

Discussion

The telnet daemon provides a typically unencrypted remote access service which does not provide for the confidentiality and integrity of user passwords or the remote session. If a privileged user were to log on using this service, the privileged user password could be compromised.

Check Content

Open a terminal session and enter the following command to verify telnet is disabled. defaults read /var/db/launchd.db/com.apple.launchd/overrides com.apple.telnetd If a 1 is not returned, this is a finding.

Fix Text

Open a terminal session and use the following command to disable telnet. launchctl unload -w /System/Library/LaunchDaemons/telnet.plist NOTE: This command is being run to adjust the overrides file; unloading errors are normal, repeat the check to verify.

Additional Identifiers

Rule ID: SV-38213r1_rule

Vulnerability ID: V-24386

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.