3.3.2.1 Disable ntalk/talk/write - writesrv

Information

The recommendation is to block talk and write. This allows connected users to chat within terminal sessions.

Rationale:

The recommendation is to block attempts to use the write or talk commands. This improves the security of the tty device.

However, there are two exceptions:

The super user can write to anyone

If you are logged in as the same user who has turned the messages off, you can write to the super user

Solution

Disable talk and write.

rmitab writesrv
/usr/sbin/chsubserver -r inetd -C /etc/inetd.conf -d -v 'ntalk' -p 'udp'
/usr/sbin/chsubserver -r inetd -C /etc/inetd.conf -d -v 'talk' -p 'udp'
for daemon in /usr/sbin/talkd /usr/sbin/writesrv; do
chmod a-rwx ${daemon}
trustchk -u ${daemon} mode
done

Default Value:

ntalk and writesrv are enabled

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 93b6d09b8014737a696eff613efaf62fd8502e0a86cb16e74a3edd77a1a83e09