BSI-100-2: S 4.21: Preventing unauthorised acquisition of administrator rights: Block ftp for administrative accesses.

Information

The file /etc/ftpusers lists the login names that are not allowed to log on via ftp. ftp transmits passwords over an unprotected plain-text connection, so administrative accounts (root, bin, daemon, sys, adm, lp, smtp, uucp, nuucp, etc.) should be entered in this file. In some standard installations, root is not contained in this file.
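One way to check a host against this safeguard, as an added example that is not part of the BSI text or the audit plugin: the function reports which of the administrative accounts named above are missing from an ftpusers-style deny list. The function names and the sample file are constructed for illustration; the account list is the one given in the text and should be extended with any local administrative accounts.

```shell
#!/bin/sh
# Added example: audit an ftpusers-style deny list for administrative accounts.
# Account list taken from the safeguard text (its "etc." means it is not exhaustive).
ADMIN_ACCOUNTS="root bin daemon sys adm lp smtp uucp nuucp"

# missing_ftpusers FILE
# Prints each administrative account that FILE does not deny, one per line.
# Exit status: 0 = all accounts listed, 1 = at least one missing, 2 = file unreadable.
missing_ftpusers() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "cannot read $file: no account is blocked by it" >&2
        return 2
    fi
    # Normalise entries: drop comments, surrounding whitespace and blank lines,
    # so "daemon   # note" counts as an entry and "#root" does not.
    denied=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' \
                 -e 's/[[:space:]]*$//' -e '/^$/d' "$file")
    status=0
    for acct in $ADMIN_ACCOUNTS; do
        # -x whole-line, -F fixed string: "root" must not be satisfied by "rooter".
        if ! printf '%s\n' "$denied" | grep -qxF -- "$acct"; then
            printf '%s\n' "$acct"
            status=1
        fi
    done
    return $status
}

# Constructed sample: a default-style file in which root is only a comment
# and smtp is absent, the situation the safeguard warns about.
sample_ftpusers() {
    cat <<'EOF'
# users denied ftp login (constructed sample)
bin
daemon   # system account
sys
adm
lp
uucp
nuucp
#root
EOF
}
```

Pass the path of the deny list the installed ftp daemon actually reads; a non-zero exit status means the file needs entries added.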

Safeguard Catalogues: S 4: Hardware and software

S 4.21: Preventing unauthorised acquisition of administrator rights

See Also

https://www.bsi.bund.de/cae/servlet/contentblob/471430/publicationFile/28223/standard_100-2_e_pdf.pdf

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(2)

Plugin: Unix

Control ID: fcc8a558c66207bfe750be7134c8c040f180d8669e42b5a388420aa9fc573c30