STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The FTPS/FTP service on the system must be configured with the Department of Defense (DoD) login banner.

DISA Rule

SV-209050r603263_rule

Vulnerability Number

V-209050

Group Title

SRG-OS-000023

Rule Version

OL6-00-000348

Severity

CAT II

CCI(s)

CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

Fix Recommendation

Edit the vsftpd configuration file, which resides at "/etc/vsftpd/vsftpd.conf" by default.

Add or correct the following configuration options.

banner_file=/etc/issue

Restart the vsftpd daemon.

# service vsftpd restart

Check Contents

Verify the "vsftpd" package is installed:

# rpm -qa | grep -i vsftpd
vsftpd-3.0.2-22.e16.x86_64

If the "vsftpd" package is not installed, this is Not Applicable.

To verify this configuration, run the following command:

grep "banner_file" /etc/vsftpd/vsftpd.conf

The output should show the value of "banner_file" is set to "/etc/issue", an example of which is shown below.

# grep "banner_file" /etc/vsftpd/vsftpd.conf
banner_file=/etc/issue

If it does not, this is a finding.

Vulnerability Number

V-209050

Documentable

False

Rule Version

OL6-00-000348

Severity Override Guidance

Check Content Reference

Target Key

2928

The FTPS/FTP service on the system must be configured with the Department of Defense (DoD) login banner.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments