Navigate

Check: GEN004800

SUSE Linux Enterprise Server v11 for System z STIG: GEN004800 (in version v1 r12)

Title

Unencrypted FTP must not be used on the system. (Cat II impact)

Discussion

FTP is typically unencrypted and presents confidentiality and integrity risks. FTP may be protected by encryption in certain cases, such as when used in a Kerberos environment. SFTP and FTPS are encrypted alternatives to FTP.

Check Content

Perform the following to determine if unencrypted FTP is enabled: # chkconfig --list pure-ftpd # chkconfig --list gssftp # chkconfig --list vsftpd If any of these services are found, ask the SA if these services are encrypted. If they are not, this is a finding.

Fix Text

Disable the FTP daemons. Procedure: # chkconfig pure-ftpd off # chkconfig gssftp off # chkconfig vsftpd off

Additional Identifiers

Rule ID: SV-45876r2_rule

Vulnerability ID: V-12010

Group Title: GEN004800

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings