3.1.3.10 Ensure System Accounts cannot access system using ftp.

Information

If ftp is active on the system, the file /etc/ftpusers is a deny list used by ftp daemon containing a list of users who are not allowed to access the system via ftp.

Rationale:

The /etc/ftpusers file contains a list of users who are not allowed to access the system via ftp. All users with a UID less than 200 should typically be added into the file.

Solution

List all users with a UID less than 200 to the /etc/ftpusers file:

lsuser -c ALL | grep -v ^#name |grep -v root | cut -f1 -d: | while read NAME; do
if [ 'lsuser -f $NAME | grep id | cut -f2 -d=' -lt 200 ] > /dev/null 2>&1; then
echo 'Would add $NAME to /etc/ftpusers'
fi
done

NOTE: Review the list of users
Add all relevant users with a UID of less that 200 to the /etc/ftpusers file:

lsuser -c ALL | grep -v ^#name |grep -v root | cut -f1 -d: | while read NAME; do
if [ 'lsuser -f $NAME | grep id | cut -f2 -d=' -lt 200 ] > /dev/null 2>&1; then
echo $NAME >> /etc/ftpusers
fi
done

Default Value:

N/A

Additional Information:

Reversion:

Edit /etc/ftpusers and leave only the root entry:

vi /etc/ftpusers

See Also

https://workbench.cisecurity.org/files/3525

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CSCv7|4.6

Plugin: Unix

Control ID: 4eddc754ec04989beeeedddd32f88f6e6dd0231154959a7ec9c4f808b32db29f