8.5 Check that the Banner Setting for telnet is Null - BANNER =

Information

The BANNER variable in the file /etc/default/telnetd can be used to display text before
the telnet login prompt. Traditionally, it has been used to display the OS level of the target
system.

The warning banner provides information that can be used in reconnaissance for an attack.
By default, this file is distributed with the BANNER variable set to null. It is not necessary to
create a separate warning banner for telnet if a warning is set in the /etc/issue file. As
telnet is an insecure protocol, it is strongly recommend that it be disabled and all remote
administrative/user connections take place by Secure Shell.

Solution

Perform the following to implement the recommended state-# cd /etc/default
# awk '/^BANNER=/ { $1 = 'BANNER=' }; { print }'
telnetd > telnetd.CIS
# mv telnetd.CIS telnetd9 System MaintenanceNo matter how securely a system has been installed and hardened, administrator and user
activity over time can introduce security exposures. This section describes tasks to be
performed on a regular, ongoing basisperhaps in an automated fashion via the cron
utility. The automated host-based scanning tools provided from the Center for Internet
Security can be used for this purpose. These scanning tools are typically provided with this
document, but are also available for free from http-//www.CISecurity.org/.Note that, unlike other sections, the items in this section specify an Audit action followed by
a Remediation action, since it is necessary to determine what the current setting is before
determining remediation measures, which will vary depending on the site's policy.

See Also

https://workbench.cisecurity.org/files/616

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-8a.

Plugin: Unix

Control ID: 83dbfe49fbf069bef6f1a83b9b8d9dbc411da5c9c92ec36385a84b0538763efb