2.3.4 Ensure telnet client is not installed

Information

The telnet package contains the telnet client, which allows users to start connections to other systems via the telnet protocol.

Rationale:

The telnet protocol is insecure and unencrypted. The use of an unencrypted transmission medium could allow an unauthorized user to steal credentials. The ssh package provides an encrypted session and stronger security and is included in most Linux distributions.

Impact:

Many insecure service clients are used as troubleshooting tools and in testing environments. Uninstalling them can inhibit capability to test and troubleshoot. If they are required it is advisable to remove the clients after use to prevent accidental or intentional misuse.

Solution

Run the following command to remove the telnet package:

# yum remove telnet

See Also

https://workbench.cisecurity.org/files/3636

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|2.6, Rule-ID|SV-204502r603261_rule

Plugin: Unix

Control ID: a1110a1af5799e865c535001cbffd9b5049becbc9fa40a57eb2c88b2ff51f1a0