UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The FTP daemon must be configured for logging or verbose mode.


Overview

Finding ID Version Rule ID IA Controls Severity
V-845 GEN004980 SV-40816r1_rule ECAR-1 ECAR-2 ECAR-3 Low
Description
The -l option allows basic logging of connections. The verbose (on HP) and the debug (on Solaris) allow logging of what files the FTP session transferred. This extra logging makes it possible to easily track which files are being transferred onto or from a system. If they are not configured, the only option for tracking is the audit files. The audit files are much harder to read. If auditing is not properly configured, then there would be no record at all of the file transfer transactions.
STIG Date
SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2018-04-10

Details

Check Text ( C-39540r1_chk )
Verify the FTP daemon is invoked with the -l option by SMF.
# inetadm -l ftp | grep in.ftpd
If the exec name-value pair does not include the -l option for in.ftpd, this is a finding.
Fix Text (F-34676r1_fix)
Add the -l option to the exec name-value pair used by SMF to invoke the FTP daemon.
# inetadm -m ftp exec="/usr/sbin/in.ftpd [other options] -l"
Refresh inetd.
# svcadm refresh inetd