Check: OL6-00-000206
Oracle Linux 6 STIG:
OL6-00-000206
(in versions v2 r7 through v1 r9)
Title
The telnet-server package must not be installed. (Cat I impact)
Discussion
Removing the "telnet-server" package decreases the risk of the unencrypted telnet service's accidental (or intentional) activation. Mitigation: If the telnet-server package is configured to only allow encrypted sessions, such as with Kerberos or the use of encrypted network tunnels, the risk of exposing sensitive information is mitigated.
Check Content
Run the following command to determine if the "telnet-server" package is installed: # rpm -q telnet-server If the package is installed, this is a finding.
Fix Text
The "telnet-server" package can be uninstalled with the following command: # yum erase telnet-server
Additional Identifiers
Rule ID: SV-208913r793699_rule
Vulnerability ID: V-208913
Group Title: SRG-OS-000095
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |