STIGQter: STIG Summary: Oracle Linux 5 Security Technical Implementation Guide Version: 1 Release: 13 Benchmark Date: 26 Oct 2018: Anonymous FTP accounts must not have a functional shell.

DISA Rule

SV-63109r1_rule

Vulnerability Number

V-4387

Group Title

GEN005000

Rule Version

GEN005000

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure anonymous FTP accounts to use a non-functional shell. If necessary, edit the /etc/passwd file to remove any functioning shells associated with the ftp account and replace them with non-functioning shells, such as /dev/null.

Check Contents

Check the shell for the anonymous FTP account.

Procedure:
# grep "^ftp" /etc/passwd

This is a finding if the seventh field is empty (the entry ends with a ':') or if the seventh field does not contain one of the following:

/bin/false
/dev/null
/usr/bin/false
/bin/true
/sbin/nologin
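
The check above can be scripted as follows. This is an added example, not part of the STIG text; the function name check_ftp_shell, its exit codes and the sample passwd lines are assumptions made for illustration. It matches the account name exactly, so accounts such as "ftpadmin" that the grep pattern would also print are ignored.

```shell
#!/bin/sh
# Added example: audit the ftp account's seventh passwd field (login shell).
# Usage: check_ftp_shell [passwd_file]   (defaults to /etc/passwd)
# Exit status (hypothetical convention): 0 = not a finding, 1 = finding,
# 2 = no ftp account in the file.
check_ftp_shell() {
    passwd_file="${1:-/etc/passwd}"
    awk -F: '
        BEGIN {
            # Non-functional shells accepted by the check text.
            ok["/bin/false"]; ok["/dev/null"]; ok["/usr/bin/false"]
            ok["/bin/true"];  ok["/sbin/nologin"]
            seen = 0; bad = 0
        }
        # Exact match on field 1, so "ftpadmin" is not mistaken for "ftp".
        $1 == "ftp" {
            seen = 1
            # Empty field 7 (entry ends with ":") or an unlisted shell.
            if ($7 == "" || !($7 in ok)) {
                printf "FINDING: ftp shell is \"%s\"\n", $7
                bad = 1
            }
        }
        END {
            if (!seen) exit 2
            exit bad
        }
    ' "$passwd_file"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ftpadmin:x:500:500::/home/ftpadmin:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
EOF
check_ftp_shell "$sample" || echo "exit status $?"
rm -f "$sample"
```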

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

System Administrator

Target Key

2207

Comments