Disable FTP Uploads if Possible

Description

Is there a mission-critical reason for users to upload files via FTP? If not, edit the vsftpd configuration file to add or correct the following configuration options:

write_enable=NO

If FTP uploads are necessary, follow the guidance in the remainder of this section to secure these transactions as much as possible.

Rationale

Anonymous FTP can be a convenient way to make files available for universal download. However, it is less common to have a need to allow unauthenticated users to place files on the FTP server. If this must be done, it is necessary to ensure that files cannot be uploaded and downloaded from the same directory.

ID: xccdf_org.ssgproject.content_rule_ftp_disable_uploads
Severity: Unknown
References: CCE-80250-4
Updated: about 1 year ago