You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
package-02 and package-03 seem to both be testing for telnetd, but seems like it intends to test for rsh.
control 'package-02' do
impact 1.0
title 'Do not install Telnet server'
desc 'Telnet protocol uses unencrypted communication, that means the password and other sensitive data are unencrypted. http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.2'
describe package('telnetd') do
it { should_not be_installed }
end
end
control 'package-03' do
impact 1.0
title 'Do not install rsh server'
desc 'The r-commands suffers same problem as telnet. http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf, Chapter 3.2.3'
describe package('telnetd') do
it { should_not be_installed }
end
end
The text was updated successfully, but these errors were encountered:
https://github.com/dev-sec/linux-baseline/blob/master/controls/package_spec.rb#L39-L55
package-02
andpackage-03
seem to both be testing fortelnetd
, but seems like it intends to test forrsh
.The text was updated successfully, but these errors were encountered: