From 19bb5db5445f40e003be39eefd80a8d6c8ec8349 Mon Sep 17 00:00:00 2001
From: lu-yunxiao
Date: Thu, 27 Apr 2023 16:37:55 +0800
Subject: [PATCH] change 3.17-disable-telnet-port-23 to 3.17-disable-or-uninstall-the-telnet. Also modify the benchmark, scan, repair scripts and corresponding docs
Fixes:#I6ZETW
Signed-off-by: lu-yunxiao
---
 .../3.17-disable-or-uninstall-the-telnet.md | 54 +++++++++++++++++++
 .../services/3.17-disable-telnet-port-23.md | 29 ----------
 docs/summary-of-rules.md | 2 +-
 .../3.17-disable-or-uninstall-the-telnet.sh | 1 +
 .../services/3.17-disable-telnet-port-23.sh | 1 -
 ...> 3.17-disable-or-uninstall-the-telnet.sh} | 3 +-
 6 files changed, 58 insertions(+), 32 deletions(-)
 create mode 100644 benchmarks/services/3.17-disable-or-uninstall-the-telnet.md
 delete mode 100644 benchmarks/services/3.17-disable-telnet-port-23.md
 create mode 100644 remediation-kits/services/3.17-disable-or-uninstall-the-telnet.sh
 delete mode 100644 remediation-kits/services/3.17-disable-telnet-port-23.sh
 rename scanners/services/{3.17-disable-telnet-port-23.sh => 3.17-disable-or-uninstall-the-telnet.sh} (73%)
diff --git a/benchmarks/services/3.17-disable-or-uninstall-the-telnet.md b/benchmarks/services/3.17-disable-or-uninstall-the-telnet.md
new file mode 100644
index 0000000..77d96c2
--- /dev/null
+++ b/benchmarks/services/3.17-disable-or-uninstall-the-telnet.md
@@ -0,0 +1,54 @@
+# 3.17 禁用或卸载telnet
+
+## 安全等级
+
+- Level 1
+
+## 描述
+
+telnet 客户端允许用户通过 telnet 协议启动与其他系统的连接。然而 telnet 协议不安全且未加密,使用未加密的传输介质可能允许未经授权的用户窃取凭据。
+
+## 修复建议
+
+目标:禁用 telnet 的23端口或确保 telnet 被卸载
+
+- 运行以下命令来禁用 telnet 。
+
+```bash
+# systemctl --now disable telnet.socket
+```
+
+或者:
+
+- 运行以下命令来卸载 telnet 。
+
+```bash
+# dnf remove telnet telnet-server -y
+```
+
+## 扫描检测
+
+1. 运行以下命令来检查是否安装 telnet 。
+
+```bash
+# rpm -qa | grep telnet
+```
+
+若输出为空则表示未安装 telnet ,满足预期目标,扫描结束通过检查。
+
+如果已安装 telnet 则:
+
+2. 运行以下命令来检查 telnet 是否被禁用。
+
+```bash
+# systemctl is-enabled telnet.socket
+disabled
+```
+
+输出结果为`disabled`则表示已禁用 telnet 。
+
+如telnet服务未安装或已禁用,则视为通过此项检查。
+
+## 参考
+
+- cis:
\ No newline at end of file
diff --git a/benchmarks/services/3.17-disable-telnet-port-23.md b/benchmarks/services/3.17-disable-telnet-port-23.md
deleted file mode 100644
index a8a8b0b..0000000
--- a/benchmarks/services/3.17-disable-telnet-port-23.md
+++ /dev/null
@@ -1,29 +0,0 @@
-# 3.17 禁用telnet的23端口
-
-## 安全等级
-
-- Level 1
-
-## 描述
-
-telnet 客户端允许用户通过 telnet 协议启动与其他系统的连接。然而telnet 协议不安全且未加密,使用未加密的传输介质可能允许未经授权的用户窃取凭据。
-
-## 修复建议
-
-运行以下命令来禁用`telnet`
-
-```bash
-# systemctl --now disable telnet.socket
-```
-
-## 扫描检测
-
-运行以下命令来检查`telnet`是否被禁用:
-
-```bash
-# systemctl is-enabled telnet.socket
-```
-
-期待的输出结果`disabled`。
-
-## 参考
diff --git a/docs/summary-of-rules.md b/docs/summary-of-rules.md
index 51e4742..be23111 100644
--- a/docs/summary-of-rules.md
+++ b/docs/summary-of-rules.md
@@ -94,7 +94,7 @@
 | 3.14 | 3.14-disable-samba.md | 3.14 禁用Samba | benchmarks/services | 1 |
 | 3.15 | 3.15-disable-imap-and-pop3-server.md | 3.15 禁用IMAP 和POP3 Server | benchmarks/services | 1 |
 | 3.16 | 3.16-disable-smtp-protocol.md | 3.16 禁用使用smtp协议的postfix服务 | benchmarks/services | 1 |
-| 3.17 | 3.17-disable-telnet-port-23.md | 3.17 禁用telnet的23端口 | benchmarks/services | 1 |
+| 3.17 | 3.17-disable-or-uninstall-the-telnet.md | 3.17 禁用或卸载telnet | benchmarks/services | 1 |
 | 3.18 | 3.18-uninstall-the-avahi-server.md | 3.18 卸载Avahi | benchmarks/services | 1 |
 | 3.19 | 3.19-uninstall-the-kexec-tools.md | 3.19 卸载 kexec-tools | benchmarks/services | 3 |
 | 3.20 | 3.20-uninstall-the-firstboot.md | 3.20 卸载 firstboot | benchmarks/services | 1 |
diff --git a/remediation-kits/services/3.17-disable-or-uninstall-the-telnet.sh b/remediation-kits/services/3.17-disable-or-uninstall-the-telnet.sh
new file mode 100644
index 0000000..7364559
--- /dev/null
+++ b/remediation-kits/services/3.17-disable-or-uninstall-the-telnet.sh
@@ -0,0 +1 @@
+dnf remove -y telnet telnet-server || systemctl --now disable telnet.socket
\ No newline at end of file
diff --git a/remediation-kits/services/3.17-disable-telnet-port-23.sh b/remediation-kits/services/3.17-disable-telnet-port-23.sh
deleted file mode 100644
index 5f28106..0000000
--- a/remediation-kits/services/3.17-disable-telnet-port-23.sh
+++ /dev/null
@@ -1 +0,0 @@
-systemctl --now disable telnet.socket
diff --git a/scanners/services/3.17-disable-telnet-port-23.sh b/scanners/services/3.17-disable-or-uninstall-the-telnet.sh
similarity index 73%
rename from scanners/services/3.17-disable-telnet-port-23.sh
rename to scanners/services/3.17-disable-or-uninstall-the-telnet.sh
index 0dbdb12..1ca6133 100644
--- a/scanners/services/3.17-disable-telnet-port-23.sh
+++ b/scanners/services/3.17-disable-or-uninstall-the-telnet.sh
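Review bot: The new remediation line in remediation-kits/services/3.17-disable-or-uninstall-the-telnet.sh exits non-zero on a host that is already compliant: as far as I can tell `dnf remove -y telnet telnet-server` reports an error when neither package is installed, so the `||` fallback then runs `systemctl --now disable telnet.socket` against a unit that does not exist and the script's status is that failure. The `||` also means the socket is only ever disabled when removal fails, and the non-interactive `dnf remove -y` presumably takes any packages that depend on telnet with it, which a remediation kit should at least state. The file also lacks the `#!/usr/bin/env bash` line the sibling scanner gains in this same commit and has no trailing newline. Querying rpm for what is actually present first keeps the script idempotent and makes its exit status meaningful.
```shell
#!/usr/bin/env bash
# Nothing to do when no telnet package is present: the host is already compliant.
mapfile -t pkgs < <(rpm -qa 'telnet*')
if [ "${#pkgs[@]}" -eq 0 ]; then
  exit 0
fi
# Prefer removal; fall back to disabling the server socket only if removal fails.
dnf remove -y "${pkgs[@]}" || systemctl --now disable telnet.socket
```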
@@ -1,4 +1,5 @@
-if [ "$(rpm -qa telnet)" ]; then
+#!/usr/bin/env bash
+if [ "$(rpm -qa | grep telnet)" ]; then
 result=$(systemctl is-enabled telnet.socket)
 if [[ $result != enabled ]]; then
 echo "pass"
-- Gitee
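Review bot: The new `rpm -qa | grep telnet` on the added `if` line is a substring match over every installed package name, so any package whose name merely contains "telnet" would push the scanner into the `systemctl is-enabled telnet.socket` branch; since the sibling remediation targets exactly `telnet` and `telnet-server`, `if [ "$(rpm -qa 'telnet*')" ]; then` expresses that without the pipe. Separately, `[[ $result != enabled ]]` on the context line treats the `enabled-runtime` state as a pass; if that should fail the check, `[[ $result != enabled* ]]` covers both. When only the client is installed, `systemctl is-enabled` on the absent unit writes to stderr and leaves `result` empty, which the scanner counts as pass — consistent with the benchmark text, but worth a comment on the `result=` line such as `# empty result (unit absent) is treated as disabled`. Both `if` blocks opened here close outside the hunk.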