Title

The anonymous FTP account must be configured to use chroot or a similarly isolated environment. (Cat II impact)

Discussion

If an anonymous FTP account does not use a chroot or similarly isolated environment, the system may be more vulnerable to exploits against the FTP service. Such exploits could allow an attacker to gain shell access to the system and view, edit, or remove sensitive files.

Check Content

Is FTP installed? # ls -lL /usr/lbin/ftpd If ftpd is not installed, this is not a finding. If ftpd is installed, determine if there is an anonymous ftp user configured in /etc/passwd. # cat /etc/passwd | egrep -c "^ftp|^anonymous" The /etc/passwd file, home directory entry for the anonymous FTP user should appear as the following example: ftp:4rL2xXxDatENY:509:159::/home/ftp/./:/usr/bin/false If there is an anonymous ftp user configured in /etc/passwd, determine if the ftp/anonymous user's home directory entry in the /etc/passwd file configured for chroot? # cat /etc/passwd | egrep "^ftp|^anonymous" | cut -f 6,6 -d ":" A dot (.) in field 6 of the FTP /etc/passwd file determines where the chroot will be performed. In the above example, the new root directory is /home/ftp. If an anonymous ftp user is found and the above command does not return an absolute path with a home directory of "dot" (see the above example), this is a finding.

Fix Text

Using the HP-SMH, configure the anonymous FTP service to operate in a chroot environment.

Additional Identifiers

Rule ID: SV-35108r1_rule

Vulnerability ID: V-4388

Group Title: GEN005020

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.