
The telnet daemon must not be running.


Overview

Finding ID: V-24386
Version: GEN003850
Rule ID: SV-37444r1_rule
IA Controls: DCPP-1
Severity: High
Description
The telnet daemon provides a typically unencrypted remote access service which does not provide for the confidentiality and integrity of user passwords or the remote session. If a privileged user were to log on using this service, the privileged user password could be compromised.
STIG: Red Hat Enterprise Linux 5 Security Technical Implementation Guide
Date: 2015-06-12

Details

Check Text (C-36116r2_chk)
The telnet service included in the RHEL distribution is part of krb5-workstation. Two versions of the telnetd server are provided. The xinetd.d file ekrb5-telnet allows only connections authenticated through Kerberos. The xinetd.d file krb5-telnet allows normal telnet connections as well as Kerberized connections. Both are set to "disable = yes" by default. Ensure that neither is running.

Procedure:
Check if telnetd is running:

# ps -ef |grep telnetd

If the telnet daemon is running, this is a finding.

Check if telnetd is enabled on startup:

# chkconfig --list|grep telnet

If an entry with "on" is found, this is a finding.
Fix Text (F-31362r2_fix)
Identify the telnet service running and disable it.

Procedure:

Disable the telnet server.
# chkconfig telnet off

Verify the telnet daemon is no longer running.
# ps -ef |grep telnet
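
The two checks above, combined into one pass/fail evaluation, as an added example that is not part of the STIG text. The function names and the sample `ps` and `chkconfig` output are constructed for illustration; the service names krb5-telnet and ekrb5-telnet come from the check text.

```shell
#!/bin/sh
# Added example (not STIG text): evaluate GEN003850 from captured command output.

# Reads `ps -ef` output; prints "PID CMD" for processes whose command (field 8)
# is a telnetd binary. Matching the command field skips "grep telnetd" itself.
telnetd_processes() {
    awk '$8 ~ /telnetd/ { print $2, $8 }'
}

# Reads `chkconfig --list` output; prints telnet entries with any "on" state.
# Handles SysV lines ("name 0:off ... 3:on") and xinetd lines ("name: on").
telnet_enabled_entries() {
    awk '/telnet/ {
        for (i = 2; i <= NF; i++)
            if ($i == "on" || $i ~ /:on$/) {
                name = $1; sub(/:$/, "", name); print name; break
            }
    }'
}

# $1 = ps -ef output, $2 = chkconfig --list output. Returns 1 on a finding.
check_gen003850() {
    running=$(printf '%s\n' "$1" | telnetd_processes)
    enabled=$(printf '%s\n' "$2" | telnet_enabled_entries)
    if [ -z "$running" ] && [ -z "$enabled" ]; then
        echo "GEN003850: not a finding"
        return 0
    fi
    echo "GEN003850: FINDING"
    if [ -n "$running" ]; then echo "  running: $running"; fi
    if [ -n "$enabled" ]; then echo "  enabled at startup: $enabled"; fi
    return 1
}

# Constructed sample input (not captured from a real host).
SAMPLE_PS='UID        PID  PPID  C STIME TTY          TIME CMD
root      2101     1  0 09:12 ?        00:00:00 xinetd -stayalive
root      4312  2101  0 10:40 ?        00:00:00 /usr/kerberos/sbin/telnetd
admin     4377  4290  0 10:41 pts/1    00:00:00 grep telnetd'
SAMPLE_CHKCONFIG='sshd            0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd          0:off 1:off 2:off 3:on 4:on 5:on 6:off
xinetd based services:
        ekrb5-telnet:   off
        krb5-telnet:    on'

# On a host: check_gen003850 "$(ps -ef)" "$(chkconfig --list)"
```

Because xinetd starts telnetd only when a connection arrives, an empty process list alone does not clear the finding; the startup check must also come back with no "on" entry.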