SV-63109r1_rule
V-4387
GEN005000
GEN005000
CAT I
10
Configure anonymous FTP accounts to use a non-functional shell. If necessary, edit the /etc/passwd file to remove any functioning shells associated with the ftp account and replace them with non-functioning shells, such as /dev/null.
Check the shell for the anonymous FTP account.
Procedure:
# grep "^ftp" /etc/passwd
This is a finding if the seventh field is empty (the entry ends with a ':') or if the seventh field does not contain one of the following:
/bin/false
/dev/null
/usr/bin/false
/bin/true
/sbin/nologin
V-4387
False
GEN005000
Check the shell for the anonymous FTP account.
Procedure:
# grep "^ftp" /etc/passwd
This is a finding if the seventh field is empty (the entry ends with a ':') or if the seventh field does not contain one of the following:
/bin/false
/dev/null
/usr/bin/false
/bin/true
/sbin/nologin
M
System Administrator
2207