TCP_CVS invalid user authentication response
Code: p530
Severity: Notice
Description: CVS is the Concurrent Versions System, commonly used to
help manage software development.
Impact: This may be an intelligence-gathering activity or an attempt to connect
to CVS using the credentials of a user with escalated privileges. Should
this attempt be successful, the entire CVS repository may be compromised.
Corrective: Disable the CVS daemon in the file /etc/inetd.conf. Run the CVS daemon
as a user other than root that does not have a valid login to the
machine.
Disable anonymous CVS access to the server where appropriate.
Maintain checks on the password database and the CVS repository.
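
The first two corrective steps can be checked with a small audit of /etc/inetd.conf. This is an added example, not part of the original signature entry. It assumes the CVS daemon is registered under the service name "cvspserver" (or port 2401) or is started with the "pserver" argument; the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for active CVS daemon entries.
# Assumption: the entry uses service name "cvspserver" or port 2401, or its
# server arguments contain the word "pserver".
# inetd.conf fields: service socket proto wait user[.group] program args...

audit_inetd_cvs() {
    # Prints one finding per active CVS entry, or DISABLED if none is active.
    awk '
        /^[ \t]*#/ || NF < 6 { next }       # skip comments and short lines
        {
            is_cvs = ($1 == "cvspserver" || $1 == "2401")
            for (i = 7; i <= NF; i++) if ($i == "pserver") is_cvs = 1
            if (!is_cvs) next
            user = $5
            sub(/[.:].*/, "", user)         # drop an optional group suffix
            found = 1
            if (user == "root") print "ENABLED_ROOT line " NR
            else                print "ENABLED_NONROOT line " NR " user=" user
        }
        END { if (!found) print "DISABLED" }
    ' "$1"
}

# Constructed sample input (not taken from the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/cvsroot pserver
EOF
audit_inetd_cvs "$sample"
rm -f "$sample"
```

An ENABLED_NONROOT result still needs a manual check that the named account has no valid login on the machine.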