UCF STIG Viewer Logo

The ftpusers file must exist.


Overview

Finding ID Version Rule ID IA Controls Severity
V-840 GEN004880 SV-28404r1_rule ECCD-2 ECCD-1 Medium
Description
The ftpusers file contains a list of accounts not allowed to use FTP to transfer files. If this file does not exist, then unauthorized accounts can utilize FTP.
STIG Date
SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-28647r1_chk )
Check for the existence of the ftpusers file.
# ls -l /etc/ftpd/ftpusers
If the ftpusers file does not exist, this is a finding.
Fix Text (F-25675r1_fix)
Create a /etc/ftpd/ftpusers file containing a list of accounts not authorized for FTP.