UCF STIG Viewer Logo

Anonymous FTP must not be active on the system unless authorized.


Overview

Finding ID Version Rule ID IA Controls Severity
V-846 GEN004820 SV-40086r1_rule ECSC-1 Medium
Description
Due to the numerous vulnerabilities inherent in anonymous FTP, it is recommended that it not be used. If anonymous FTP must be used on a system, the requirement must be authorized and approved in the system accreditation package.
STIG Date
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2018-09-18

Details

Check Text ( C-711r2_chk )
Attempt to log into this host with a user name of anonymous and a password of guest (also try the password of guest@mail.com). If the logon is successful, this is a finding.

Procedure:
# ftp localhost
Name: anonymous
530 Guest login not allowed on this machine.
Fix Text (F-34157r1_fix)
Remove user "anonymous" from /etc/passwd.