Check: GEN004800
SUSE Linux Enterprise Server v11 for System z STIG:
GEN004800
(in versions v1 r11 through v1 r9)
Title
Unencrypted FTP must not be used on the system. (Cat II impact)
Discussion
FTP is typically unencrypted and presents confidentiality and integrity risks. FTP may be protected by encryption in certain cases, such as when used in a Kerberos environment. SFTP and FTPS are encrypted alternatives to FTP.
Check Content
Perform the following to determine if unencrypted FTP or Telnet are enabled:

    # chkconfig --list pure-ftpd
    # chkconfig --list telnet
    # chkconfig --list gssftp
    # chkconfig --list vsftpd

If any of these services are found, ask the SA if these services are encrypted. If they are not, this is a finding.
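The check above as a repeatable filter: this added example is not part of the STIG text. It reads `chkconfig --list` output on stdin and prints which of the four named services are enabled. The function names and the sample output are constructed, and the SysV (`3:on`) and xinetd (`telnet: on`) line layouts are assumed to match what chkconfig prints on SLES 11.

```shell
#!/bin/sh
# Added example (not from the STIG): list the GEN004800 services that are
# switched on, given `chkconfig --list` output on stdin.
# Live use on a host (assumes chkconfig is present):
#   for s in pure-ftpd telnet gssftp vsftpd; do
#       chkconfig --list "$s" 2>/dev/null
#   done | gen004800_enabled
# An enabled service is only a candidate finding: the check still requires
# asking the SA whether the service is encrypted.

gen004800_enabled() {
    awk '
        BEGIN {
            n = split("pure-ftpd telnet gssftp vsftpd", w, " ")
            for (i = 1; i <= n; i++) watch[w[i]] = 1
        }
        {
            name = $1
            sub(/:$/, "", name)        # xinetd entries look like "telnet:  on"
            if (!(name in watch)) next
            for (i = 2; i <= NF; i++) {
                # SysV services report per runlevel ("3:on"); xinetd ones a bare "on"
                if ($i == "on" || $i ~ /^[0-6]:on$/) { print name; next }
            }
        }
    '
}

# Constructed sample in the assumed chkconfig layout; not captured from a host.
sample_chkconfig_output() {
    cat <<'EOF'
pure-ftpd                 0:off  1:off  2:off  3:off  4:off  5:off  6:off
vsftpd                    0:off  1:off  2:off  3:on   4:off  5:on   6:off
xinetd based services:
        telnet:             on
        gssftp:             off
EOF
}
```

Running `sample_chkconfig_output | gen004800_enabled` lists `vsftpd` and `telnet`, the two services the SA would then be asked about.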
Fix Text
Disable the Telnet and FTP daemons.

Procedure:

    # chkconfig pure-ftpd off
    # chkconfig telnet off
    # chkconfig gssftp off
    # chkconfig vsftpd off
Additional Identifiers
Rule ID: SV-45876r2_rule
Vulnerability ID: V-12010
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |