Uninstall the telnet server

An XCCDF Rule

Description

The telnet daemon should be uninstalled.

Rationale

telnet allows clear text communications, and does not protect any data transmission between client and server. Any confidential data can be listened and no integrity checking is made.'

ID: xccdf_org.ssgproject.content_rule_package_telnetd_removed
Severity: High
References: 11 12 14 15 3 8 9

APO13.01 BAI10.01 BAI10.02 BAI10.03 BAI10.05 DSS01.04 DSS05.02 DSS05.03 DSS05.05 DSS06.06

4.3.3.5.1 4.3.3.5.2 4.3.3.5.3 4.3.3.5.4 4.3.3.5.5 4.3.3.5.6 4.3.3.5.7 4.3.3.5.8 4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9 4.3.3.7.1 4.3.3.7.2 4.3.3.7.3 4.3.3.7.4 4.3.4.3.2 4.3.4.3.3

SR 1.1 SR 1.10 SR 1.11 SR 1.12 SR 1.13 SR 1.2 SR 1.3 SR 1.4 SR 1.5 SR 1.6 SR 1.7 SR 1.8 SR 1.9 SR 2.1 SR 2.2 SR 2.3 SR 2.4 SR 2.5 SR 2.6 SR 2.7 SR 3.1 SR 3.5 SR 3.8 SR 4.1 SR 4.3 SR 5.1 SR 5.2 SR 5.3 SR 7.1 SR 7.6

A.11.2.6 A.12.1.2 A.12.5.1 A.12.6.2 A.13.1.1 A.13.2.1 A.14.1.3 A.14.2.2 A.14.2.3 A.14.2.4 A.6.2.1 A.6.2.2 A.9.1.2

CM-6(a) CM-7(a) CM-7(b)

PR.AC-3 PR.IP-1 PR.PT-3 PR.PT-4

CCE-83302-0
Updated: over 1 year ago

Remediation Templates

package remove telnetd

dnf remove telnetd

include remove_telnetd
class remove_telnetd {
  package { 'telnetd':
    ensure => 'purged',
  }
}

- name: Ensure telnetd is removed
  package:
    name: telnetd
    state: absent
  tags:
  - CCE-83302-0  - NIST-800-53-CM-6(a)
  - NIST-800-53-CM-7(a)
  - NIST-800-53-CM-7(b)
  - disable_strategy
  - high_severity
  - low_complexity
  - low_disruption
  - no_reboot_needed
  - package_telnetd_removed

package --remove=telnetd

# CAUTION: This remediation script will remove telnetd
#	   from the system, and may remove any packages
#	   that depend on telnetd. Execute this
#	   remediation AFTER testing on a non-production
#	   system!
if rpm -q --quiet "telnetd" ; then
yum remove -y "telnetd"
fi

Uninstall the telnet server

Description

Rationale

Remediation Templates

script:kickstart

script:bootc

A Puppet Snippet

An Ansible Snippet

Anaconda Pre-Install Instructions

A Shell Script