Check: GEN004980
VMware ESX 3 Server:
GEN004980
(in version v1 r2)
Title
The FTP daemon must be configured for logging or verbose mode. (Cat III impact)
Discussion
Verbose FTP logging allows the examination of events involving FTP account activity, including login/logout events and file transfers. Without this configuration, logs necessary for troubleshooting or analyzing security incidents will be incomplete.
Check Content
Examine the FTP daemon service configuration. # grep ftpd /etc/inetd.conf, Check the line for ftpd and determine if the -l or -v options are present. If not, this is a finding.
Fix Text
Edit the FTP daemon configuration in /etc/inetd.conf and add the "-l" or "-v" options (as appropriate) to enable verbose logging.
Additional Identifiers
Rule ID: SV-845r2_rule
Vulnerability ID: V-845
Group Title: GEN004980
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000130 |
The information system generates audit records containing information that establishes what type of event occurred. |
Controls
Number | Title |
---|---|
AU-3 |
Content Of Audit Records |