STIGQter: STIG Summary: SUSE Linux Enterprise Server 15 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

The SUSE operating system must not have the vsftpd package installed if not required for operational support.

DISA Rule

SV-234804r622137_rule

Vulnerability Number

V-234804

Group Title

SRG-OS-000074-GPOS-00042

Rule Version

SLES-15-010030

Severity

CAT I

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.
• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Document the "vsftpd" package with the ISSO as an operational requirement or remove it from the system with the following command:

> sudo zypper remove vsftpd

Check Contents

Verify the vsftpd package is not installed on the SUSE operating system.

Check that the vsftpd package is not installed on the SUSE operating system by running the following command:

> zypper info vsftpd | grep Installed

If "vsftpd" is installed and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Vulnerability Number

V-234804

Documentable

False

Rule Version

SLES-15-010030

Severity Override Guidance

Verify the vsftpd package is not installed on the SUSE operating system.

Check that the vsftpd package is not installed on the SUSE operating system by running the following command:

> zypper info vsftpd | grep Installed

If "vsftpd" is installed and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.

Check Content Reference

M

Target Key

5274

Comments