Back

Create a warning message for FTP daemon.


CONTROL ID
01599
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Apply the appropriate warning message to systems., CC ID: 01596

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Create warnings for FTP daemon. (§ 9.4, The Center for Internet Security AIX Benchmark, 1.0.1)
  • Create warnings for FTP daemon. (§ 9.3, The Center for Internet Security HP-UX Benchmark, 1.4.2)
  • Create warnings for FTP daemon. (§ 9.3, The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.0.5)
  • Create warnings for FTP daemon. (§ 9.3, The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.1.1)
  • Create warnings for FTP daemon. (§ 9.3, The Center for Internet Security Slackware Linux Benchmark, 1.1)
  • Create warnings for FTP daemon. (§ 8.3, The Center for Internet Security Solaris 10 Benchmark, 2.1.2)
  • Create warnings for FTP daemon. (§ 9.4, The Center for Internet Security Solaris Benchmark, 1.5.0)
  • Create warnings for FTP daemon. (§ 9.3, The Center for Internet Security SuSE Linux Enterprise Server Benchmark, 2)
  • Table F-6: For Solaris, the organization must create a warning banner for FTP daemon. Table F-7: For HP-UX, the organization must create a warning banner for FTP daemon. (Table F-6, Table F-7, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Information Assurance Officer should ensure that a warning banner is displayed prior to sign-on of Demand and FTP sessions. The banner also should be displayed after a successful logon and remain displayed until the user presses a key. This banner should include the following, at a minimum: the … (§ 2.3.3.5, Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 7 Release 2, 28 August 2006)
  • Root or bin should be the owner of the FTP daemon and it should have permissions no more permissive than 755. (§ 4.8.1, Defense Information Systems Agency UNIX Security Technical Implementation Guide Version 5 Release 1, Version 5, Release 1)
  • The ftp login banner should be set appropriately. Technical Mechanisms: Parameters: banner text or null References: 10.8.10.5.2 (5) d) (CCE-5843-8, Common Configuration Enumeration List, Combined XML: AIX 5.3, 5.20130214)
  • The ftp login banner should be set appropriately. Technical Mechanisms: Parameters: banner text or null References: 10.8.10.5.2 (5) d) (CCE-5552-5, Common Configuration Enumeration List, Combined XML: HP-UX 11.23, 5.20130214)
  • The ftp login banner should be set appropriately. Technical Mechanisms: Parameters: banner text or null References: 10.8.10.5.2 (5) d) (CCE-6440-2, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 4, 5.20130214)
  • A warning banner for all FTP users should be enabled or disabled as appropriate Technical Mechanisms: via /etc/vsftpd.conf Parameters: enabled / disabled References: Section: 3.15.3.2, Value: enabled (CCE-4554-2, Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214)
  • The FTP service should display a banner as appropriate before authentication. Technical Mechanisms: /etc/ftpd/banner.msg Parameters: banner text References: Section: 8.4,Value: (CCE-4103-8, Common Configuration Enumeration List, Combined XML: Sun Solaris 10, 5.20130214)
  • The ftp login banner should be set appropriately. Technical Mechanisms: Parameters: banner text or null References: 10.8.10.5.2 (5) d) (CCE-6616-7, Common Configuration Enumeration List, Combined XML: Sun Solaris 8, 5.20130214)
  • The ftp login banner should be set appropriately. Technical Mechanisms: Parameters: banner text or null References: 10.8.10.5.2 (5) d) (CCE-6837-9, Common Configuration Enumeration List, Combined XML: Sun Solaris 9, 5.20130214)
  • Create warnings for FTP daemons. (§ 9.4, NSA Guide to the Secure Configuration of Solaris 9, Version 1.0)