SUSE Linux Enterprise Server v11 for System z STIG Version Comparison

There are 2 differences between versions v1 r10 (July 28, 2017) (the "left" version) and v1 r12 (Oct. 26, 2018) (the "right" version).

Check GEN004800 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

Unencrypted FTP must not be used on the system.

Check Content

Perform the following to determine if unencrypted FTP is or Telnet are enabled: # chkconfig --list pure-ftpd # pure-ftpd # chkconfig --list telnet # chkconfig --list gssftp # chkconfig --list vsftpd If vsftpd If any of these services are found, ask the SA if these services are encrypted. encrypted. If If they are not, this is a finding.

Discussion

: FTP is typically unencrypted and presents confidentiality and integrity risks. FTP may be protected by encryption in certain cases, such as when used in a Kerberos environment. SFTP and FTPS are encrypted alternatives to FTP.

Fix

Disable the Telnet and FTP daemons. Procedure: # chkconfig pure-ftpd off # chkconfig telnet off # chkconfig gssftp off # chkconfig vsftpd off