{"description": "The <code>telnet-server</code> package can be removed with the following command:\n<pre>\n$ apt-get remove telnet-server</pre>", "rationale": "It is detrimental for operating systems to provide, or install by default,\nfunctionality exceeding requirements or mission objectives. These\nunnecessary capabilities are often overlooked and therefore may remain\ninsecure. They increase the risk to the platform by providing additional\nattack vectors.\n<br />\nThe telnet service provides an unencrypted remote access service which does\nnot provide for the confidentiality and integrity of user passwords or the\nremote session. If a privileged user were to login using this service, the\nprivileged user password could be compromised.\n<br />\nRemoving the <tt>telnet-server</tt> package decreases the risk of the\ntelnet service's accidental (or intentional) activation.", "severity": "high", "references": {"cis-csc": ["11", "12", "14", "15", "3", "8", "9"], "cobit5": ["APO13.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.04", "DSS05.02", "DSS05.03", "DSS05.05", "DSS06.06"], "hipaa": ["164.308(a)(4)(i)", "164.308(b)(1)", "164.308(b)(3)", "164.310(b)", "164.312(e)(1)", "164.312(e)(2)(ii)"], "isa-62443-2009": ["4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.11.2.6", "A.12.1.2", "A.12.5.1", "A.12.6.2", "A.13.1.1", "A.13.2.1", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.6.2.1", "A.6.2.2", "A.9.1.2"], "nist": ["CM-7(a)", "CM-7(b)", "CM-6(a)"], "nist-csf": ["PR.AC-3", "PR.IP-1", "PR.PT-3", "PR.PT-4"], "pcidss": ["Req-2.2.2"], "srg": ["SRG-OS-000095-GPOS-00049"], "anssi": ["R62"], "ism": ["1409"], "pcidss4": ["2.2.4", "2.2"]}, "control_references": {"anssi": ["R62"], "ism": ["1409"], "pcidss4": ["2.2.4", "2.2"]}, "components": [], "identifiers": {}, "ocil_clause": "the package is installed", "ocil": "\nRun the following command to determine if the <code>telnet-server</code> package is installed:\n<pre>$ dpkg -l  telnet-server</pre>", "oval_external_content": null, "fixtext": " To remove the Ubuntu 22.04 package telnet-server run the following command:\n\n$ apt-get remove telnet-server", "checktext": "", "vuldiscussion": "", "srg_requirement": " Ubuntu 22.04 must not have the telnet-server package installed.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must not have the telnet-server package installed.", "vuldiscussion": "It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities are often overlooked and therefore, may remain insecure. They increase the risk to the platform by providing additional attack vectors.\n\nThe telnet service provides an unencrypted remote access service, which does not provide for the confidentiality and integrity of user passwords or the remote session. If a privileged user were to login using this service, the privileged user password could be compromised.\n\nRemoving the \"telnet-server\" package decreases the risk of accidental (or intentional) activation of the telnet service.", "checktext": "Verify that the telnet-server package is not installed with the following command:\n\n$ dnf list --installed telnet-server\n\nError: No matching Packages to list\n\nIf the \"telnet-server\" package is installed, this is a finding.", "fixtext": "Remove the telnet-server package with the following command:\n\n$ sudo dnf remove telnet-server"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Uninstall telnet-server Package", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml", "template": {"name": "package_removed", "vars": {"pkgname": "telnet-server"}, "backends": {}}}