3.3.4.9 ftp

Information

This entry starts the ftpd daemon when required. This service is used for transferring files from/to a remote machine.

The recommendation is that ftp is disabled and sftp is used as a replacement file and directory copying mechanism.

Rationale:

This ftp service is used to transfer files from or to a remote machine. The username and passwords are passed over the network in clear text and therefore insecurely. Unless required the ftpd daemon should be disabled.

Solution

In /etc/inetd.conf, comment out the ftp entry:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'ftp' -p 'tcp6'
refresh -s inetd

Default Value:

Uncommented

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: cf6b15b7ef53e8a266ba8dbd20035794d7048d920ca281993e9e2422362f6bb2