GEN000000-AIX0330 - The /etc/ftpaccess.ctl file must be group-owned by bin, sys, or system.

Information

If the ftpaccess.ctl file is not group-owned by a system group, an unauthorized user may modify the file to allow unauthorized access to modify the file. Unauthorized modification could result in Denial of Service to authorized FTP users or permit unauthorized access to system information.

Solution

Change the group owner of the /etc/ftpaccess.ctl file.
# chgrp system /etc/ftpaccess.ctl

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-6, 800-53|CM-6b., CAT|II, CCI|CCI-000225, CCI|CCI-000366, Rule-ID|SV-38752r1_rule, STIG-ID|GEN000000-AIX0330, Vuln-ID|V-29521

Plugin: Unix

Control ID: 9ad4621aa9a2945e5dda3cc3935ab366fcd080997a4416e27dc5edc20042a7b4