Code: p531 Severity: Notice
Description: CVS is the Concurrent Versions System, commonly used to help manage software development. Impact: This may be an intelligence gathering activity or an attempt to connect to a CVS repository containing code not publicly available. Corrective: Disable the CVS daemon in the file /etc/inetd.conf. Run the CVS daemon as a user other than root that does not have a valid login to the machine. Disable anonymous access to the cvs server where appropriate. Maintain checks on the password database and the CVS repository logs.
|
