UCF STIG Viewer Logo

The FTP daemon must be configured for logging or verbose mode.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38702 RHEL-06-000339 SV-50503r1_rule Low
Description
To trace malicious activity facilitated by the FTP service, it must be configured to ensure that all commands sent to the ftp server are logged using the verbose vsftpd log format. The default vsftpd log file is /var/log/vsftpd.log.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-05-26

Details

Check Text ( C-46264r1_chk )
Find if logging is applied to the ftp daemon.

Procedures:

If vsftpd is started by xinetd the following command will indicate the xinetd.d startup file.

# grep vsftpd /etc/xinetd.d/*



# grep server_args [vsftpd xinetd.d startup file]

This will indicate the vsftpd config file used when starting through xinetd. If the [server_args]line is missing or does not include the vsftpd configuration file, then the default config file (/etc/vsftpd/vsftpd.conf) is used.

# grep xferlog_enable [vsftpd config file]


If xferlog_enable is missing, or is not set to yes, this is a finding.
Fix Text (F-43651r1_fix)
Add or correct the following configuration options within the "vsftpd" configuration file, located at "/etc/vsftpd/vsftpd.conf".

xferlog_enable=YES
xferlog_std_format=NO
log_ftp_protocol=YES