2.2.9 Ensure FTP Server is not enabled (Scored)
Profile Applicability
Level 1 - Server Level 1 - Workstation
Description
The File Transfer Protocol (FTP) provides networked computers with the ability to transfer files.
Rationale
FTP does not protect the confidentiality of data or authentication credentials. It is recommended sftp be used if file transfer is required. Unless there is a need to run the system as a FTP server (for example, to allow anonymous downloads), it is recommended that the package be deleted to reduce the potential attack surface.
Audit
Run the following commands to verify vsftpd
is not enabled:
# systemctl is-enabled vsftpd disabled
Verify result is not “enabled”.
Remediation
Run the following command to disable vsftpd
:
# systemctl disable vsftpd
Notes
Additional FTP servers also exist and should be audited.