2.3.3 Ensure talk client is not installed

Information

The talk software makes it possible for users to send and receive messages across systems through a terminal session. The talk client, which allows initialization of talk sessions, is installed by default.

Rationale:

The software presents a security risk as it uses unencrypted protocols for communication.

Impact:

Many insecure service clients are used as troubleshooting tools and in testing environments. Uninstalling them can inhibit capability to test and troubleshoot. If they are required it is advisable to remove the clients after use to prevent accidental or intentional misuse.

Solution

Run the following command to remove the talk package:

# dnf remove talk

Additional Information:

NIST SP 800-53 Rev. 5:

CM-7

See Also

https://workbench.cisecurity.org/files/3939