Title

AIX ftpd daemon must not be running. (Cat I impact)

Discussion

The ftp service is used to transfer files from or to a remote machine. The username and passwords are passed over the network in clear text and therefore insecurely. Remote file transfer, if required, should be facilitated through SSH.

Check Content

Determine if the "ftp" daemon is running by running the following command: # grep "^ftp[[:blank:]]" /etc/inetd.conf If an entry is returned like the following line, the "ftp" daemon is running: ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd If the above grep command returned a line that contains "ftpd", this is a finding.

Fix Text

Disable "ftp" daemon entry in "/etc/inetd.conf" using command: # chsubserver -r inetd -C /etc/inetd.conf -d -v 'ftp' -p 'tcp6' Reload the inetd process: # refresh -s inetd

Additional Identifiers

Rule ID: SV-215259r877396_rule

Vulnerability ID: V-215259

Group Title: SRG-OS-000074-GPOS-00042

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.