STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 22 Jan 2021

The anonymous FTP account must be configured to use chroot or a similarly isolated environment.

DISA Rule

SV-226956r603265_rule

Vulnerability Number

V-226956

Group Title

SRG-OS-000480

Rule Version

GEN005020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the ftpconfig(1M) command to set up a chrooted environment for anonymous FTP with appropriate constraints.

# ftpconfig <anonymous FTP home directory>

Check Contents

The default Solaris FTP daemon, in.ftpd, uses the ftp user's home directory as the chroot base for anonymous FTP. If any files and directories within the ftp user's home directory are owned by any user other than root, or if any subdirectory other than pub has permissions more permissive than 0111, this is a finding.
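The check above can be scripted. The following is an added example, not part of the STIG or of DISA's content: a POSIX sh function that lists ownership and mode findings under the anonymous FTP chroot base. The function names, the optional owner argument and the reading that only the top-level pub directory is exempt from the mode test are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the STIG): audit an anonymous FTP chroot base.
# Usage: audit_ftp_chroot <ftp home dir> [expected owner]
# Assumptions: run as root so every directory can be traversed; the owner
# argument (default root) exists only so the check can be exercised in a test
# tree; only the top-level pub directory is exempt from the mode check; path
# names contain no newlines.

list_findings() {
    home=${1%/}
    owner=${2:-root}

    # Files and directories within the base that the expected owner does not own.
    find "$home" ! -user "$owner" -print |
    while IFS= read -r p; do
        [ "$p" = "$home" ] || printf 'OWNER %s\n' "$p"
    done

    # Directories with any mode bit set outside 0111 (read, write, setuid,
    # setgid or sticky), i.e. more permissive than 0111.
    find "$home" -type d \( -perm -4000 -o -perm -2000 -o -perm -1000 \
        -o -perm -0400 -o -perm -0200 -o -perm -0040 -o -perm -0020 \
        -o -perm -0004 -o -perm -0002 \) -print |
    while IFS= read -r d; do
        case $d in
            "$home" | "$home/pub") ;;          # base itself and pub are exempt
            *) printf 'MODE %s\n' "$d" ;;
        esac
    done
}

# Prints one line per finding; returns 0 when clean, 1 when there is a finding.
audit_ftp_chroot() {
    out=$(list_findings "$@")
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}
```

Source the file and call `audit_ftp_chroot` with the ftp user's home directory; any output line is a finding under this rule.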

Documentable

False

Severity Override Guidance

The default Solaris FTP daemon, in.ftpd, uses the ftp user's home directory as the chroot base for anonymous FTP. If any files and directories within the ftp user's home directory are owned by any user other than root, or if any subdirectory other than pub has permissions more permissive than 0111, this is a finding.

Check Content Reference

M

Target Key

4060

Comments