STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must not have the telnet-server package installed.

DISA Rule

SV-234818r622137_rule

Vulnerability Number

V-234818

Group Title

SRG-OS-000074-GPOS-00042

Rule Version

SLES-15-010180

Severity

CAT I

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.
• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Remove the telnet-server package from the SUSE operating system by running the following command:

> sudo zypper remove telnet-server

Check Contents

Verify the telnet-server package is not installed on the SUSE operating system.

Check that the telnet-server package is not installed on the SUSE operating system by running the following command:

> zypper info telnet-server | grep Installed

If the telnet-server package is installed, this is a finding.

Vulnerability Number

V-234818

Documentable

False

Rule Version

SLES-15-010180

Severity Override Guidance

Verify the telnet-server package is not installed on the SUSE operating system.

Check that the telnet-server package is not installed on the SUSE operating system by running the following command:

> zypper info telnet-server | grep Installed

If the telnet-server package is installed, this is a finding.

Check Content Reference

M

Target Key

5274

Comments