6.9 Restrict FTP Use - ftp service disabled

Information

If FTP is permitted to be used on the system, the file /etc/ftpd/ftpusers is used to specify a list of users who are not allowed to access the system via FTP.

FTP is an old and insecure protocol that transfers files and credentials in clear text and can be replaced by using sftp. However, if FTP is permitted for use in your environment, it is important to ensure that the default "system" accounts are not permitted to transfer files via FTP, especially the root role. Consider also adding the names of other privileged or shared accounts that may exist on your system such as user oracle and the account which your Web server process runs under. It should be reminded that the Solaris FTP service is disabled by default.

See Also

https://workbench.cisecurity.org/files/611