Navigate

Check: GEN000000-AIX0350

AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE: GEN000000-AIX0350 (in versions v1 r14 through v1 r10)

Title

The /etc/ftpaccess.ctl file must not have an extended ACL. (Cat II impact)

Discussion

Excessive permissions on the ftpaccess.ctl file could permit unauthorized modification. Unauthorized modification could result in Denial of Service to authorized FTP users or permit unauthorized access to system information.

Check Content

Check the permissions of the /etc/ftpaccess.ctl file. #aclget /etc/ftpaccess.ctl Check if extended permissions are disabled. If extended permissions are not disabled, this is a finding.

Fix Text

Remove the extended ACL from the /etc/ftpaccess.ctl file. #acledit /etc/ftpaccess.ctl Disable extended permissions.

Additional Identifiers

Rule ID: SV-38754r1_rule

Vulnerability ID: V-29523

Group Title: GEN000000-AIX0350

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000225	Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned organizational tasks.
CCI-000366	Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AC-6	Least Privilege
CM-6	Configuration Settings