STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Anonymous FTP accounts must not have a functional shell.

DISA Rule

SV-227862r603266_rule

Vulnerability Number

V-227862

Group Title

SRG-OS-000480

Rule Version

GEN005000

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure anonymous FTP accounts to use a non-functional shell. If necessary, edit the /etc/passwd file to remove any functioning shells associated with the FTP account and replace them with non-functioning shells, such as, /dev/null.

Check Contents

Check the shell for the anonymous FTP account.

Procedure:
# grep "^ftp" /etc/passwd

This is a finding if the seventh field is empty (the entry ends with a ':') or if the seventh field does not contain one of the following.

/bin/false
/dev/null
/usr/bin/false
/bin/true
/sbin/nologin

Vulnerability Number

V-227862

Documentable

False

Rule Version

GEN005000

Severity Override Guidance

Check the shell for the anonymous FTP account.

Procedure:
# grep "^ftp" /etc/passwd

This is a finding if the seventh field is empty (the entry ends with a ':') or if the seventh field does not contain one of the following.

/bin/false
/dev/null
/usr/bin/false
/bin/true
/sbin/nologin

Check Content Reference

M

Target Key

4061

Comments