Skip to content

Remove ftp Package

An XCCDF Rule

Description

FTP (File Transfer Protocol) is a traditional and widely used standard tool for transferring files between a server and clients over a network, especially where no authentication is necessary (permits anonymous users to connect to a server).
The ftp package can be removed with the following command:

$ sudo dnf erase ftp

Rationale

FTP does not protect the confidentiality of data or authentication credentials. It is recommended SFTP be used if file transfer is required. Unless there is a need to run the system as a FTP server (for example, to allow anonymous downloads), it is recommended that the package be removed to reduce the potential attack surface.

ID
xccdf_org.ssgproject.content_rule_package_ftp_removed
Severity
Low
References
Updated



Remediation - Anaconda Pre-Install Instructions


package --remove=ftp

Remediation - Ansible

- name: Ensure ftp is removed
  package:
    name: ftp
    state: absent
  tags:
  - PCI-DSSv4-2.2.4

Remediation - Puppet

include remove_ftp

class remove_ftp {
  package { 'ftp':
    ensure => 'purged',
  }

Remediation - Shell Script


# CAUTION: This remediation script will remove ftp
#	   from the system, and may remove any packages
#	   that depend on ftp. Execute this
#	   remediation AFTER testing on a non-production
#	   system!