Check: OL6-00-000348
Oracle Linux 6 STIG:
OL6-00-000348
(in versions v2 r7 through v1 r14)
Title
The FTPS/FTP service on the system must be configured with the Department of Defense (DoD) login banner. (Cat II impact)
Discussion
This setting will cause the system greeting banner to be used for FTP connections as well.
Check Content
Verify the "vsftpd" package is installed: # rpm -qa | grep -i vsftpd vsftpd-3.0.2-22.e16.x86_64 If the "vsftpd" package is not installed, this is Not Applicable. To verify this configuration, run the following command: grep "banner_file" /etc/vsftpd/vsftpd.conf The output should show the value of "banner_file" is set to "/etc/issue", an example of which is shown below. # grep "banner_file" /etc/vsftpd/vsftpd.conf banner_file=/etc/issue If it does not, this is a finding.
Fix Text
Edit the vsftpd configuration file, which resides at "/etc/vsftpd/vsftpd.conf" by default. Add or correct the following configuration options. banner_file=/etc/issue Restart the vsftpd daemon. # service vsftpd restart
Additional Identifiers
Rule ID: SV-209050r793771_rule
Vulnerability ID: V-209050
Group Title: SRG-OS-000023
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000048 |
The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. |
Controls
Number | Title |
---|---|
AC-8 |
System Use Notification |