CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide
SRG-OS-000074-GPOS-00042
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
AlmaLinux OS 9 must not have any File Transfer Protocol (FTP) packages installed.
High Severity
Passwords must be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. An FTP server provides an unencrypted file transfer mechanism that does not protect the confidentiality of user credentials or the remote session. If a privileged user were to log on using this service, the privileged user password could be compromised. SFTP or other encrypted file transfer methods must be used instead. Removing the server and client packages prevents inbound and outbound communications from being compromised.