4.5 Ensure ftp server is not running

Information

Mac OS X used to have a graphical front-end to the embedded ftp server in the Operating System. Ftp sharing could be enabled to allow someone on another computer to download files or information from the user's computer. Running an Ftp server from a user endpoint has long been considered questionable and Apple has removed that capability from the GUI. The Ftp server however is still part of the Operating System and can be easily turned on to share files and provide remote connectivity to an end user computer. Ftp servers meet a specialized need to distribute files without strong authentication and should only be done through hardened servers. Cloud services or other distribution methods should be considered Ftp servers should not be run on an end user desktop. Dedicated servers or appropriate cloud storage should be used. Open ports make it easier to exploit the computer.

Solution

Ensure that the FTP Server is not running and is not set to start at boot Stop the ftp Server sudo -s launchctl unload -w /System/Library/LaunchDaemons/ftp.plist Impact: The ftp server is both a point of attack for the system and a means for unauthorized file transfers. The ftp server is another avenue to attempt brute forcing password for existing valid users.

See Also

https://workbench.cisecurity.org/files/299

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 38748d8aa2f94d247540889a38a48c9db8dc9b949bd00a8d955c935f0423b92c