Puppet Class: cis_security_hardening::rules::telnet_server

Defined in:
manifests/rules/telnet_server.pp

Summary

Ensure telnet-server is not installed

Overview

The telnet-server package contains the telnet daemon, which accepts connections from users from other systems via the telnet protocol.

Rationale: The telnet protocol is insecure and unencrypted. An unencrypted transmission medium could allow a user who is able to sniff network traffic to steal credentials. The ssh package provides an encrypted session and stronger security.

Examples:

class { 'cis_security_hardening::rules::telnet_server':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/telnet_server.pp', line 21

class cis_security_hardening::rules::telnet_server (
  Boolean $enforce = false,
) {
  if $enforce {
    $ensure = $facts['os']['family'].downcase() ? {
      'suse'  => 'absent',
      default => 'purged',
    }

    $pkgs = $facts['os']['name'].downcase() ? {
      'ubuntu' => 'telnetd',
      'debian' => 'telnetd',
      default  => 'telnet-server'
    }

    unless $facts['os']['name'].downcase() == 'sles' {
      ensure_resource('service', ['telnet'], {
          ensure => stopped,
          enable => false,
      })
    }
    ensure_packages($pkgs, {
        ensure => $ensure,
    })
  }
}
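
An audit-side counterpart to the class above, added here as an example and not part of the cis_security_hardening module: a read-only shell check that picks the package name the same way the manifest does and, on dpkg systems, separates a removed package with leftover configuration from a purged one. The function names and the choice of dpkg-query and rpm as query tools are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit mirroring the package selection in
# cis_security_hardening::rules::telnet_server. Function names are hypothetical.

# Package the class removes, keyed on the lower-cased OS name.
telnet_pkg_for_os() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    ubuntu|debian) echo telnetd ;;
    *)             echo telnet-server ;;
  esac
}

# Map a dpkg ${Status} string to a state. Puppet's 'purged' means the
# configuration files are gone too, so "config-files" is reported separately.
# Any other state (half-installed, unpacked, ...) counts as still present.
classify_dpkg_status() {
  case "$1" in
    ""|*not-installed) echo purged ;;
    *config-files)     echo residual-config ;;
    *)                 echo installed ;;
  esac
}

# Print "<package> <state>" for the given OS name.
# Returns 0 only when the package is purged (dpkg) or absent (rpm).
audit_telnet_server() {
  pkg=$(telnet_pkg_for_os "$1")
  if [ "$pkg" = telnetd ]; then tool=dpkg-query; else tool=rpm; fi
  if ! command -v "$tool" >/dev/null 2>&1; then
    state=unknown          # cannot decide without the package tool
  elif [ "$tool" = dpkg-query ]; then
    state=$(classify_dpkg_status "$(dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null)")
  elif rpm -q "$pkg" >/dev/null 2>&1; then
    state=installed
  else
    state=absent
  fi
  echo "$pkg $state"
  case "$state" in
    purged|absent) return 0 ;;
    *)             return 1 ;;
  esac
}
```

Call it with the OS name, for example `audit_telnet_server ubuntu`; a non-zero exit status means the package or its configuration is still present, or that the state could not be determined.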