2.1.7 Ensure talk server is not enabled (Scored)
Profile Applicability
Level 1 - Server Level 1 - Workstation
Description
The talk
software makes it possible for users to send and receive messages across systems through a terminal session. The talk client (allows initiate of talk sessions) is installed by default.
Rationale
The software presents a security risk as it uses unencrypted protocols for communication.
Audit
Verify the talk
service is not enabled. Run the following commands and verify results are as indicated:
grep -R "^talk" /etc/inetd.* grep -R "^ntalk" /etc/inetd.*
No results should be returned
check /etc/xinetd.conf
and /etc/xinetd.d/*
and verify all talk
services have disable = yes
set.
Remediation
Comment out or remove any lines starting with talk
or ntalk
from /etc/inetd.conf
and /etc/inetd.d/*
.
Set disable = yes
on all talk
and ntalk
services in /etc/xinetd.conf
and /etc/xinetd.d/*
.