Check: AIX7-00-002060
IBM AIX 7.x STIG:
AIX7-00-002060
(in versions v3 r1 through v1 r1)
Title
AIX ftpd daemon must not be running. (Cat I impact)
Discussion
The ftp service is used to transfer files from or to a remote machine. The username and passwords are passed over the network in clear text and therefore insecurely. Remote file transfer, if required, should be facilitated through SSH.
Check Content
Determine if the "ftp" daemon is running by running the following command: # grep "^ftp[[:blank:]]" /etc/inetd.conf If an entry is returned like the following line, the "ftp" daemon is running: ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd If the above grep command returned a line that contains "ftpd", this is a finding.
Fix Text
Disable "ftp" daemon entry in "/etc/inetd.conf" using command: # chsubserver -r inetd -C /etc/inetd.conf -d -v 'ftp' -p 'tcp6' Reload the inetd process: # refresh -s inetd
Additional Identifiers
Rule ID: SV-215259r987796_rule
Vulnerability ID: V-215259
Group Title: SRG-OS-000074-GPOS-00042
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000197 |
For password-based authentication, transmit passwords only over cryptographically-protected channels. |
Controls
Number | Title |
---|---|
IA-5(1) |
Password-based Authentication |