Back

Install or uninstall the telnet server package, only if absolutely necessary.


CONTROL ID
04953
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Ensure telnet client is not installed Description: The `telnet` package contains the `telnet` client, which allows users to start connections to other systems via the telnet protocol. Rationale: The `telnet` protocol is insecure and unencrypted. The use of an unencrypted transmission medium could al… (2.3.4, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure telnet-server is not installed Description: The `telnet-server` package contains the `telnet` daemon, which accepts connections from users from other systems via the `telnet` protocol. Rationale: The `telnet` protocol is insecure and unencrypted. The use of an unencrypted transmission medium … (2.2.15, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 1)
  • Ensure telnet-server is not installed Description: The `telnet-server` package contains the `telnet` daemon, which accepts connections from users from other systems via the `telnet` protocol. Rationale: The `telnet` protocol is insecure and unencrypted. The use of an unencrypted transmission medium … (2.2.15, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Ensure telnet client is not installed Description: The `telnet` package contains the `telnet` client, which allows users to start connections to other systems via the telnet protocol. Rationale: The `telnet` protocol is insecure and unencrypted. The use of an unencrypted transmission medium could al… (2.3.4, CIS Amazon Linux 2 Benchmark, v.2.0.0, Level 2)
  • Title: Remove telnet-server Description: The telnet-server package contains the telnetd daemon, which accepts connections from users from other systems via the telnet protocol. Rationale: The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow a… (Rule: xccdf_org.cisecurity.benchmarks_rule_2.1.1_Remove_telnet-server Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_2.1.1.1_services.telnet-server, The Center for Internet Security CentOS 6 Level 1 Benchmark, 1.0.0)
  • Title: Remove telnet-server Description: The telnet-server package contains the telnetd daemon, which accepts connections from users from other systems via the telnet protocol. Rationale: The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow… (Rule:xccdf_org.cisecurity.benchmarks_rule_2.1.1_Remove_telnet-server Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_2.1.1.1_services.telnet-server, The Center for Internet Security Red Hat Enterprise Linux 6 Level 1 Benchmark, 1.2.0)
  • Title: Remove telnet-server Description: The telnet-server package contains the telnetd daemon, which accepts connections from users from other systems via the telnet protocol. Rationale: The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow… (Rule:xccdf_org.cisecurity.benchmarks_rule_2.1.1_Remove_telnet-server Artifact Expression:xccdf_org.cisecurity.benchmarks_ae_2.1.1.1_services.telnet-server, The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0)
  • Ensure telnet client is not installed Description: The `telnet` package contains the `telnet` client, which allows users to start connections to other systems via the telnet protocol. Rationale: The `telnet` protocol is insecure and unencrypted. The use of an unencrypted transmission medium could al… (2.3.2, CIS Oracle Linux 8 Benchmark, Server Level 1, v1.0.1)
  • Ensure telnet client is not installed Description: The `telnet` package contains the `telnet` client, which allows users to start connections to other systems via the telnet protocol. Rationale: The `telnet` protocol is insecure and unencrypted. The use of an unencrypted transmission medium could al… (2.3.2, CIS Oracle Linux 8 Benchmark, Server Level 2, v1.0.1)
  • The telnet-server package should be installed or uninstalled as appropriate. Technical Mechanisms: via yum Parameters: installed / uninstalled References: Section: 3.2.2, Value: uninstalled (CCE-4330-7, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)