Remove ftp Package
An XCCDF Rule
Description
FTP (File Transfer Protocol) is a traditional and widely used standard tool for
transferring files between a server and clients over a network, especially where no
authentication is necessary (permits anonymous users to connect to a server).
The ftp
package can be removed with the following command:
$ sudo dnf erase ftp
Rationale
FTP does not protect the confidentiality of data or authentication credentials. It is recommended SFTP be used if file transfer is required. Unless there is a need to run the system as a FTP server (for example, to allow anonymous downloads), it is recommended that the package be removed to reduce the potential attack surface.
- ID
- xccdf_org.ssgproject.content_rule_package_ftp_removed
- Severity
- Low
- Updated
Remediation - Anaconda Pre-Install Instructions
package --remove=ftp
Remediation - Ansible
- name: Ensure ftp is removed
package:
name: ftp
state: absent
tags:
- PCI-DSSv4-2.2.4
Remediation - Puppet
include remove_ftp
class remove_ftp {
package { 'ftp':
ensure => 'purged',
}
Remediation - Shell Script
# CAUTION: This remediation script will remove ftp
# from the system, and may remove any packages
# that depend on ftp. Execute this
# remediation AFTER testing on a non-production
# system!