STIGQter STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Oracle Linux operating system must not have the telnet-server package installed.

DISA Rule

SV-221763r603260_rule

Vulnerability Number

V-221763

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

OL07-00-021710

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to disable non-essential capabilities by removing the telnet-server package from the system with the following command:

# yum remove telnet-server

Check Contents

Verify the operating system is configured to disable non-essential capabilities. The most secure way of ensuring a non-essential capability is disabled is not to install the capability.

The telnet service provides an unencrypted remote access service that does not provide for the confidentiality and integrity of user passwords or the remote session.

If a privileged user were to log on using this service, the privileged user password could be compromised.

Check to see if the telnet-server package is installed with the following command:

# yum list installed telnet-server

If the telnet-server package is installed, this is a finding.

Vulnerability Number

V-221763

Documentable

False

Rule Version

OL07-00-021710

Severity Override Guidance

Verify the operating system is configured to disable non-essential capabilities. The most secure way of ensuring a non-essential capability is disabled is not to install the capability.

The telnet service provides an unencrypted remote access service that does not provide for the confidentiality and integrity of user passwords or the remote session.

If a privileged user were to log on using this service, the privileged user password could be compromised.

Check to see if the telnet-server package is installed with the following command:

# yum list installed telnet-server

If the telnet-server package is installed, this is a finding.

Check Content Reference

M

Target Key

4089

Comments