3.3.2.1 Disable ntalk/talk/write - writesrv

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The recommendation is to block talk and write. This allows connected users to chat within terminal sessions.

Rationale:

The recommendation is to block attempts to use the write or talk commands. This improves the security of the tty device.

However, there are two exceptions:

The super user can write to anyone

If you are logged in as the same user who has turned the messages off, you can write to the super user

Solution

Disable talk and write.

rmitab writesrv
/usr/sbin/chsubserver -r inetd -C /etc/inetd.conf -d -v 'ntalk' -p 'udp'
/usr/sbin/chsubserver -r inetd -C /etc/inetd.conf -d -v 'talk' -p 'udp'
for daemon in /usr/sbin/talkd /usr/sbin/writesrv; do
chmod a-rwx ${daemon}
trustchk -u ${daemon} mode
done

Default Value:

ntalk and writesrv are enabled

See Also

https://workbench.cisecurity.org/files/3525