The FTP daemon must be configured for logging or verbose mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-845 | GEN004980 | SV-38991r1_rule | ECAR-2 ECAR-3 ECAR-1 | Low |
| Description |
|---|
| The -l option allows logging of connections. This extra logging makes it possible to easily track which files are being transferred onto or from a system. If they are not configured, the only option for tracking is the audit files. The audit files are much harder to read. If auditing is not properly configured, then there would be no record at all of the file transfer transactions. |
| STIG | Date |
|---|---|
| AIX 5.3 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2014-10-03 |
Details
| Check Text ( C-37953r1_chk ) |
|---|
| Perform: # grep ftpd /etc/inetd.conf, Check the line for ftpd to check if the -l argument. If the ftpd is invoked without the -l argument, this is a finding. Check the /etc/syslog.conf file for daemon.info or *.info. # more /etc/syslog.conf If daemon.info or *.info is not being logged, this is a finding. |
| Fix Text (F-33206r1_fix) |
|---|
| Edit the /etc/inetd.conf file and add the -l argument to the ftpd service line. # vi /etc/inetd.conf Restart inetd.conf # refresh -s inetd Add daemon.info or *.info to the /etc/syslog.conf file. #vi /etc/syslog.conf *.info /var/log/syslog Restart the syslog daemon. # refresh -s syslogd |