STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The FTP daemon must be configured for logging or verbose mode.

DISA Rule

SV-209041r603263_rule

Vulnerability Number

V-209041

Group Title

SRG-OS-000037

Rule Version

OL6-00-000339

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Add or correct the following configuration options within the "vsftpd" configuration file, located at "/etc/vsftpd/vsftpd.conf".

xferlog_enable=YES
xferlog_std_format=NO
log_ftp_protocol=YES

Check Contents

Verify the "vsftpd" package is installed:

# rpm -qa | grep -i vsftpd
vsftpd-3.0.2-22.e16.x86_64

If the "vsftpd" package is not installed, this is Not Applicable.

Determine whether logging is enabled for the FTP daemon.

Procedures:

If vsftpd is started by xinetd, the following command will identify the xinetd.d startup file.

# grep vsftpd /etc/xinetd.d/*

# grep server_args [vsftpd xinetd.d startup file]

This will indicate the vsftpd config file used when starting through xinetd. If the [server_args] line is missing or does not include the vsftpd configuration file, then the default config file (/etc/vsftpd/vsftpd.conf) is used.

# grep xferlog_enable [vsftpd config file]

If xferlog_enable is missing, or is not set to yes, this is a finding.
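
The check procedure above as a script, added here as an example and not part of the STIG text: it resolves the config file from an xinetd service file's server_args, applies the xferlog_enable test, and notes the other two options from the Fix Recommendation. The function names and sample files are constructed for illustration, and it assumes the config file is the first server_args word that is not a "-" option.

```shell
#!/bin/bash
DEFAULT_CONF=/etc/vsftpd/vsftpd.conf

# Print the vsftpd config file an xinetd service file ($1) passes in
# server_args; fall back to the default when the line is missing or holds
# only options. Assumption: the first word not starting with "-" is the file.
vsftpd_conf_from_xinetd() {
    local args word
    args=$(sed -n 's/^[[:space:]]*server_args[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    for word in $args; do
        case $word in
            -*) ;;
            *) printf '%s\n' "$word"; return 0 ;;
        esac
    done
    printf '%s\n' "$DEFAULT_CONF"
}

# Print the value of option $2 in config file $1, upper-cased. Commented-out
# lines are ignored and the last assignment is used; prints nothing if unset.
vsftpd_setting() {
    sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr '[:lower:]' '[:upper:]'
}

# Return 1 (finding) unless xferlog_enable is YES; the other two options from
# the Fix Recommendation are reported as notes only, as the check text does
# not test them.
check_ftp_logging() {
    local conf="$1" status=0
    if [ "$(vsftpd_setting "$conf" xferlog_enable)" = YES ]; then
        echo "PASS: xferlog_enable=YES in $conf"
    else
        echo "FINDING: xferlog_enable missing or not YES in $conf"
        status=1
    fi
    [ "$(vsftpd_setting "$conf" xferlog_std_format)" = NO ] || echo "NOTE: xferlog_std_format is not NO"
    [ "$(vsftpd_setting "$conf" log_ftp_protocol)" = YES ] || echo "NOTE: log_ftp_protocol is not YES"
    return $status
}

# Demo on constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf 'service ftp\n{\n\tserver = /usr/sbin/vsftpd\n\tserver_args = %s/alt.conf\n}\n' "$demo" > "$demo/ftp"
printf '#xferlog_enable=YES\nxferlog_enable=NO\nlog_ftp_protocol=YES\n' > "$demo/alt.conf"
check_ftp_logging "$(vsftpd_conf_from_xinetd "$demo/ftp")" || echo "result: finding"
```

On a real host, pass the file reported by the grep of /etc/xinetd.d/* to vsftpd_conf_from_xinetd instead of the constructed sample.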

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2928

Comments