Obsolete Services
An XCCDF Group
Description
This section discusses a number of network-visible
services which have historically caused problems for system
security, and for which disabling or severely limiting the service
has been the best available guidance for some time. As a result of
this, many of these services are not installed as part of OpenEmbedded
by default.
Organizations which are running these services should
switch to more secure equivalents as soon as possible.
If it remains absolutely necessary to run one of
these services for legacy reasons, care should be taken to restrict
the service as much as possible, for instance by configuring host
firewall software such as iptables
to restrict access to the
vulnerable service to only those remote hosts which have a known
need to use it.
- ID
- xccdf_org.ssgproject.content_group_obsolete
- Child Items
- Updated