Navigate

Check: GEN004980

Solaris 9 X86 STIG: GEN004980 (in version v1 r9)

Title

The FTP daemon must be configured for logging or verbose mode. (Cat III impact)

Discussion

Verbose FTP logging allows the examination of events involving FTP account activity, including login/logout events and file transfers. Without this configuration, logs necessary for troubleshooting or analyzing security incidents will be incomplete.

Check Content

Examine the FTP daemon service configuration. # grep ftpd /etc/inetd.conf, Check the line for ftpd and determine if the -l or -v options are present. If not, this is a finding.

Fix Text

Edit the FTP daemon configuration in /etc/inetd.conf and add the "-l" or "-v" options (as appropriate) to enable verbose logging.

Additional Identifiers

Rule ID: SV-845r2_rule

Vulnerability ID: V-845

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000130	The information system generates audit records containing information that establishes what type of event occurred.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-3	Content Of Audit Records