| # 2.3.4 Ensure telnet client is not installed |
| # |
| # Description |
| # =========== |
| # The telnet package contains the telnet client, which allows users to start |
| # connections to other systems via the telnet protocol. |
| # |
| # Rationale |
| # ========= |
| # The telnet protocol is insecure and unencrypted. The use of an unencrypted |
| # transmission medium could allow an unauthorized user to steal credentials. |
| # The ssh package provides an encrypted session and stronger security and is |
| # included in most Linux distributions. |
| # |
| # Audit |
| # ===== |
| # Run the following command and verify telnet is not installed: |
| # |
| # # dpkg -s telnet |
| # |
| # Remediation |
| # =========== |
| # Run the following command to uninstall telnet : |
| # |
| # # apt-get remove telnet |
| # |
| # Impact |
| # ====== |
| # Many insecure service clients are used as troubleshooting tools and in |
| # testing environments. Uninstalling them can inhibit capability to test and |
| # troubleshoot. If they are required it is advisable to remove the clients |
| # after use to prevent accidental or intentional misuse. |
| # |
| parameters: |
| linux: |
| system: |
| package: |
| telnet: |
| version: removed |
| |