2.1.9 Ensure FTP Server is not enabled

Information

The File Transfer Protocol (FTP) provides networked computers with the ability to transfer files.

Rationale:

FTP does not protect the confidentiality of data or authentication credentials. It is recommended sftp be used if file transfer is required. Unless there is a need to run the system as a FTP server (for example, to allow anonymous downloads), it is recommended that the service be disabled to reduce the potential attack surface.

Solution

Run the following command to disable vsftpd :

# systemctl disable vsftpd
# systemctl stop vsftpd

See Also

https://workbench.cisecurity.org/files/2449

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|9.1, CSCv7|9.2

Plugin: Unix

Control ID: a7ed508c657ea578de1452ba8484659c890d9385e6036bb69ba6c1da39d79f9e