Details

The talk software makes it possible for users to send and receive messages across systems through a terminal session. The talk client (allows initialization of talk sessions) is installed by default.

Rationale:

The software presents a security risk as it uses unencrypted protocols for communication.

Solution

Run the following command to remove talk:

# yum erase talk

Default Value:

OS Default: Enabled

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3096

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-11
• CSCv7|2.6

Source

• Tenable.com/audits