3.1.5.9 ftp

Information

This entry starts the ftpd daemon when required. This service is used for transferring files from/to a remote machine.

The recommendation is that ftp is disabled and sftp is used as a replacement file and directory copying mechanism.

Rationale:

This ftp service is used to transfer files from or to a remote machine. The username and passwords are passed over the network in clear text and therefore insecurely. Unless required the ftpd daemon should be disabled.

Solution

In /etc/inetd.conf, comment out the ftp entry:

chsubserver -r inetd -C /etc/inetd.conf -d -v 'ftp' -p 'tcp6'
refresh -s inetd

Default Value:

Uncommented

See Also

https://workbench.cisecurity.org/files/4119

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 4ab6daf3869c0ef25831dc0557c91d70f628b0793d74cd4589ea1fefe4da05f6