Check: RHEL-06-000206
Red Hat Enterprise Linux 6 STIG: RHEL-06-000206 (in versions v2 r2 through v1 r14)
Title
The telnet-server package must not be installed. (Cat I impact)
Discussion
Removing the "telnet-server" package decreases the risk of the unencrypted telnet service's accidental (or intentional) activation. Mitigation: If the telnet-server package is configured to only allow encrypted sessions, such as with Kerberos or the use of encrypted network tunnels, the risk of exposing sensitive information is mitigated.
Check Content
Run the following command to determine if the "telnet-server" package is installed:

    # rpm -q telnet-server

If the package is installed, this is a finding.
Fix Text
The "telnet-server" package can be uninstalled with the following command:

    # yum erase telnet-server
Additional Identifiers
Rule ID: SV-217983r603264_rule
Vulnerability ID: V-217983
Group Title: SRG-OS-000095
CCIs
Number | Definition |
---|---|
CCI-000381 | The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |