UCF STIG Viewer Logo

The ftpusers file must be owned by root.


Overview

Finding ID Version Rule ID IA Controls Severity
V-842 GEN004920 SV-38485r1_rule ECLP-1 Medium
Description
If the file ftpusers is not owned by root, an unauthorized user may modify the file to allow unauthorized accounts to use FTP.
STIG Date
HP-UX 11.23 Security Technical Implementation Guide 2015-12-02

Details

Check Text ( C-36584r1_chk )
Check the ownership of the ftpusers file.
# ls -lL /etc/ftpd/ftpusers

If the ftpusers file is not owned by root, this is a finding.
Fix Text (F-31952r1_fix)
Change the owner of the ftpusers file to root.
# chown root /etc/ftpd/ftpusers