6.9 Restrict FTP Use - ftp service disabled

Information

If FTP is permitted to be used on the system, the file /etc/ftpd/ftpusers is used to
specify a list of users who are not allowed to access the system via FTP.

FTP is an old and insecure protocol that transfers files and credentials in clear text and can
be replaced by using sftp. However, if FTP is permitted for use in your environment, it is
important to ensure that the default 'system' accounts are not permitted to transfer files
via FTP, especially the root role. Consider also adding the names of other privileged or
shared accounts that may exist on your system such as user oracle and the account which
your Web server process runs under. It should be reminded that the Solaris FTP service is
disabled by default.

Solution

Perform the following to implement the recommended state-# cd /etc/ftpd
# for user in `logins -s | awk '{ print $1 }'`
aiuser noaccess nobody nobody4; do
$(echo $user >> ftpusers)
done
# sort -u ftpusers > ftpusers.CIS
# mv ftpusers.CIS ftpusersIf your site policy states that users have to be authorized to use FTP, consider placing all
users in the /etc/ftpd/ftpusers file and then explicitly removing those who are
permitted to use the service. To accomplish this, use the command-# getent passwd | cut -f1 -d'-' > /etc/ftpd/ftpusersThis prohibits any user on the system from using ftp unless they are explicitly removed
from the file. Note that this file will need to be updated as users are added to or removed
from the system.

See Also

https://workbench.cisecurity.org/files/616