Adding SSG list.
On 01. 11. 19 at 11:30, Vojtech Polasek wrote:
> Hello all,
>
> I am fixing the following bugzilla:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1729222
>
> Brief summary: as part of several profiles, in this case the NCP profile
> in rhel7, we are removing the telnet package containing the Telnet
> client.
>
> But this removal of the telnet package causes removal of the
> fence-agents-all package and this causes removal of VDSM.
>
> So if a user wants to be compliant with NCP, they can't use VDSM nor
> some fence agents at the same time.
>
> I proposed a PR which removes the "package_telnet_removed" rule from
> rhel7, rhel8 and rhv4 profiles.
>
> https://github.com/ComplianceAsCode/content/pull/4958
>
> I understand that the Telnet server introduces a security risk because it
> uses unencrypted traffic, it is a common port attackers scan for, etc.
> We are removing the telnet-server package and also making sure that
> the telnet service is disabled in two other separate rules.
>
> But do we really need to also explicitly remove the Telnet client?
> Especially if it prevents features like VDSM from working? I
> understand that it uses unencrypted traffic as well, but is it such a
> high security risk?
>
> Steve, anyone else, could you give an opinion on this please?
>
> Thank you,
>
> Vojta