Free DISA STIG and SRG Library | Vaulted

V-29523

The /etc/ftpaccess.ctl file must not have an extended ACL.

Finding ID
GEN000000-AIX0350
Rule ID
SV-38754r1_rule
Severity
Cat II
CCE
(None)
Group Title
GEN000000-AIX0350
CCI
CCI-000366
Target Key
(None)
Documentable
No
Discussion

Excessive permissions on the ftpaccess.ctl file could permit unauthorized modification. Unauthorized modification could result in Denial of Service to authorized FTP users or permit unauthorized access to system information.

Fix Text

Remove the extended ACL from the /etc/ftpaccess.ctl file. #acledit /etc/ftpaccess.ctl Disable extended permissions.

Check Content

Check the permissions of the /etc/ftpaccess.ctl file. #aclget /etc/ftpaccess.ctl Check if extended permissions are disabled. If extended permissions are not disabled, this is a finding.

Responsibility

System Administrator

IA Controls

ECLP-1