ALMA-09-037860 - AlmaLinux OS 9 must not have any telnet packages installed.

Information

Passwords must be protected at all times, and encryption is the standard method for protecting passwords. Passwords that are not encrypted can be read in clear text and are easily compromised.

A telnet server provides an unencrypted remote access mechanism that does not protect the confidentiality of user credentials or the remote session.

If a privileged user were to log on using this service, the privileged user password could be compromised. SSH or other encrypted session methods must be used instead.

Removing the server and client packages prevents inbound and outbound communications from being compromised.

Solution

Remove the default telnet client and server packages using the following command:

$ sudo dnf remove telnet-server telnet

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(c), CAT|I, CCI|CCI-000197, Rule-ID|SV-269404r1050287_rule, STIG-ID|ALMA-09-037860, Vuln-ID|V-269404

Plugin: Unix

Control ID: 72c86b663695815a5b843d8aa86977181a960b5869a05e96232782a906dc78e5