STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 1 Release: 26 Benchmark Date: 24 Jan 2020: The anonymous FTP account must be configured to use chroot or a similarly isolated environment.

DISA Rule

SV-39838r1_rule

Vulnerability Number

V-4388

Group Title

GEN005020

Rule Version

GEN005020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the ftpconfig(1M) command to set up a chroot-ed environment for anonymous FTP with appropriate constraints.

# ftpconfig < anonymous FTP home directory>

Check Contents

The default Solaris FTP daemon, in.ftpd, uses the ftp user's home directory as the chroot base for anonymous FTP. If any files and directories within the ftp user's home directory are owned by any user other than root, or if any subdirectory other than pub has permissions more permissive than 0111, this is a finding.

Vulnerability Number

V-4388

Documentable

False

Rule Version

GEN005020

Severity Override Guidance

The default Solaris FTP daemon, in.ftpd, uses the ftp user's home directory as the chroot base for anonymous FTP. If any files and directories within the ftp user's home directory are owned by any user other than root, or if any subdirectory other than pub has permissions more permissive than 0111, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

25

Comments