Check: RHEL-06-000348
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000348
(in versions v2 r2 through v1 r21)
Title
The FTPS/FTP service on the system must be configured with the Department of Defense (DoD) login banner. (Cat II impact)
Discussion
This setting will cause the system greeting banner to be used for FTP connections as well.
Check Content
Verify the "vsftpd" package is installed: # rpm -qa | grep -i vsftpd vsftpd-3.0.2-22.e16.x86_64 If the "vsftpd" package is not installed, this is Not Applicable. To verify this configuration, run the following command: grep "banner_file" /etc/vsftpd/vsftpd.conf The output should show the value of "banner_file" is set to "/etc/issue", an example of which is shown below. # grep "banner_file" /etc/vsftpd/vsftpd.conf banner_file=/etc/issue If it does not, this is a finding.
Fix Text
Edit the vsftpd configuration file, which resides at "/etc/vsftpd/vsftpd.conf" by default. Add or correct the following configuration options. banner_file=/etc/issue Restart the vsftpd daemon. # service vsftpd restart
Additional Identifiers
Rule ID: SV-218079r603264_rule
Vulnerability ID: V-218079
Group Title: SRG-OS-000023
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000048 |
Display an organization-defined system use notification message or banner to users before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidelines. |
Controls
| Number | Title |
|---|---|
| AC-8 |
System Use Notification |