FTP allowed system accounts (UNIX)

Module: Network Integrity

This check reports system accounts such as root and bin that are not denied access to FTP through the ftpusers file. System accounts should be denied FTP access. FTP passwords are transmitted in clear text and could be intercepted, which would give an attacker privileged access to your system.

The following table lists the error messages for the check.

Table: Error messages for FTP allowed system accounts

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_NOFTPUSERS

Category: Change Notification

UNIX (6335)

Title: No ftpusers file on your system

Description: The ftpusers file does not exist on your system. This is a security problem because the ftpusers file is used to prevent specific accounts from using FTP. In normal operations, some accounts should be denied access to FTP. This includes the root account, any guest accounts, uucp accounts, accounts with restricted shells, and any other account that should not be copying files across the network. You should create the ftpusers file and add these accounts to it.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_SYSACCMISS

Category: Change Notification

UNIX (6338)

Title: System account can FTP

Description: The named system account is not denied access to FTP through the ftpusers file. System accounts should be denied FTP access. FTP passwords are transmitted in clear text and could be intercepted, which would give an attacker privileged access to your system.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]
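
The comparison this check performs can be reproduced by hand. The following is an added example, not the product's own code. It assumes that a system account is any passwd entry with a UID of 99 or lower, that ftpusers holds one account name per line with # comments, and that the information field of STKU_NOFTPUSERS carries the file name; the page specifies none of these.

```python
"""Added example: list system accounts that ftpusers does not deny."""

SYSTEM_UID_MAX = 99  # assumption: UIDs 0-99 are system accounts; adjust per platform

# Constructed sample input, not taken from a real host.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/sh
+::::::
"""
SAMPLE_FTPUSERS = "# accounts denied FTP\nroot\nuucp   # legacy\n"


def parse_ftpusers(text):
    """Return the set of account names listed in ftpusers-format text."""
    denied = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if name:
            denied.add(name.split()[0])
    return denied


def system_accounts(passwd_text, uid_max=SYSTEM_UID_MAX):
    """Return names from passwd-format text whose UID is <= uid_max."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment or malformed entry
        try:
            uid = int(fields[2])
        except ValueError:
            continue  # e.g. NIS "+" entries with an empty UID field
        if uid <= uid_max:
            names.append(fields[0])
    return names


def audit(passwd_text, ftpusers_text):
    """Return (string_id, info) findings; pass ftpusers_text=None if the file is absent."""
    if ftpusers_text is None:
        return [("STKU_NOFTPUSERS", "[ftpusers]")]  # info value is an assumption
    denied = parse_ftpusers(ftpusers_text)
    return [("STKU_SYSACCMISS", "[%s]" % name)
            for name in system_accounts(passwd_text) if name not in denied]


if __name__ == "__main__":
    for string_id, info in audit(SAMPLE_PASSWD, SAMPLE_FTPUSERS):
        print(string_id, info)
```

To audit a real host, pass the contents of the passwd and ftpusers files in place of the samples; the ftpusers path depends on the FTP daemon in use.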