A CVS (Concurrent Versions System) server is installed, and it is configured to have its own password file, or use that of the system. This service starts as a daemon, listening on port TCP:port. Knowing that a CVS server is present on the system gives attackers additional information about the system, such as that this is a UNIX based system, and maybe a starting point for further attacks.

Block those ports from outside communication