<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <meta name="Generator" content="Microsoft Exchange Server"> <style></style> </head> <body> <style id="x_outgoing-font-settings">  </style> <div style="background-color:rgb(255,255,255); background-image:initial; line-height:initial"> <div id="x_response_container_BBPPID" dir="auto" style="outline:none"> <div name="x_BB10" id="x_BB10_response_div_BBPPID" dir="auto" style="width:100%"> If you are concerned about telnet, then you might want to lock down the interpreters. :)</div> <div name="x_BB10" id="x_response_div_spacer_BBPPID" dir="auto" style="width:100%"> <br> </div> </div> <div id="x__original_msg_header_BBPPID" dir="auto"> <table width="100%" style="background-color:white; border-spacing:0px; display:table; outline:none"> <tbody> <tr> <td colspan="2" style="padding:initial; font-size:initial; text-align:initial; background-color:rgb(255,255,255)"> <div style="border-right:none; border-bottom:none; border-left:none; border-top:1pt solid rgb(181,196,223); padding:3pt 0in 0in; font-family:Tahoma,"BB Alpha Sans","Slate Pro"; font-size:10pt"> <div id="x_from"><b>From:</b> vpolasek@redhat.com</div> <div id="x_sent"><b>Sent:</b> November 1, 2019 12:21 PM</div> <div id="x_to"><b>To:</b> open-scap-list@redhat.com; scap-security-guide@lists.fedorahosted.org</div> <div id="x_reply_to"><b>Reply to:</b> scap-security-guide@lists.fedorahosted.org</div> <div id="x_cc"><b>Cc:</b> sgrubb@redhat.com</div> <div id="x_subject"><b>Subject:</b> Re: removing telnet client breaks fence agents</div> </div> </td> </tr> </tbody> </table> <br> </div> </div> <font size="2"><span style="font-size:11pt;"> <div class="PlainText">adding SSG list.<br> <br> <br> Dne 01. 11. 19 v 11:30 Vojtech Polasek napsal(a):<br> > Hello all,<br> ><br> > I am fixing the following bugzilla:<br> ><br> > <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1729222">https://bugzilla.redhat.com/show_bug.cgi?id=1729222</a><br> ><br> > Brief summary: as part of several profiles, in this case NCP profile <br> > in rhel7, we are removing the telnet package containing the Telnet <br> > client.<br> ><br> > But this removal of telnet package causes removal of the <br> > fence-agents-all package and this causes removal of VDSM.<br> ><br> > So if an user wants to be compliant with NCP, they can't use VDSM nor <br> > some fence agents at the same time.<br> ><br> > I proposed a PR which removes the "package_telnet_removed" rule from <br> > rhel7, rhel8 and rhv4 profiles.<br> ><br> > <a href="https://github.com/ComplianceAsCode/content/pull/4958">https://github.com/ComplianceAsCode/content/pull/4958</a><br> ><br> > I understand that Telnet server introduces a security risk because it <br> > uses unencrypted traffic, it is a common port attackers scan for etc. <br> > We are removing the telnet-server package and also making sure that <br> > the telnet service is disabled in two other separate rules.<br> ><br> > But do we really need to explicitly remove also the Telnet client? <br> > Especially if it prevents features like VDSM from working? I <br> > understand that it uses unencrypted traffic as well, but is it such a <br> > high security risk?<br> ><br> > Steve, anyone else, could you give an opinion on this please?<br> ><br> > Thank you,<br> ><br> > Vojta<br> ><br> ><br> ><br> ><br> _______________________________________________<br> scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org<br> To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org<br> Fedora Code of Conduct: <a href="https://docs.fedoraproject.org/en-US/project/code-of-conduct/"> https://docs.fedoraproject.org/en-US/project/code-of-conduct/</a><br> List Guidelines: <a href="https://fedoraproject.org/wiki/Mailing_list_guidelines"> https://fedoraproject.org/wiki/Mailing_list_guidelines</a><br> List Archives: <a href="https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org"> https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org</a><br> </div> </span></font>THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message. </body> </html>