
The FTP daemon must be configured for logging or verbose mode.


Finding ID: V-218070
Version: RHEL-06-000339
Rule ID: SV-218070r505923_rule
IA Controls: (none)
Severity: Low

To trace malicious activity facilitated by the FTP service, it must be configured to ensure that all commands sent to the FTP server are logged using the verbose vsftpd log format. The default vsftpd log file is /var/log/vsftpd.log.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text ( C-19551r377225_chk )
Verify the "vsftpd" package is installed:
# rpm -qa | grep -i vsftpd

If the "vsftpd" package is not installed, this is Not Applicable.

Determine whether logging is applied to the FTP daemon.

If vsftpd is started by xinetd, the following command will indicate the xinetd.d startup file.

# grep vsftpd /etc/xinetd.d/*

# grep server_args [vsftpd xinetd.d startup file]

This will indicate the vsftpd config file used when starting through xinetd. If the [server_args] line is missing or does not include the vsftpd configuration file, then the default config file (/etc/vsftpd/vsftpd.conf) is used.

# grep xferlog_enable [vsftpd config file]

If xferlog_enable is missing, or is not set to yes, this is a finding.
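
The check procedure above as a script (an added example, not part of the STIG text). It assumes the config file is the first absolute path in server_args and that the last xferlog_enable assignment in the file is the effective one; the function names are made up for this example.

```shell
# Added example, not STIG text. Paths are parameters so the check can run
# against constructed files as well as a live system.

# Print the vsftpd config file named in the xinetd startup file's server_args,
# or the default when there is no startup file or no path in server_args.
vsftpd_conf_path() {
    xinetd_dir=$1
    default_conf=$2
    # Same lookup as: grep vsftpd /etc/xinetd.d/*  (first matching file)
    startup=$(grep -ls vsftpd "$xinetd_dir"/* 2>/dev/null | head -n 1)
    conf=
    if [ -n "$startup" ]; then
        # Assumption: the config file is the first absolute path in server_args
        conf=$(sed -n 's/^[[:space:]]*server_args[[:space:]]*=[[:space:]]*//p' "$startup" |
               tr -s ' \t' '\n\n' | grep '^/' | head -n 1)
    fi
    printf '%s\n' "${conf:-$default_conf}"
}

# Return 0 when xferlog_enable is set to yes, 1 when this is a finding.
check_xferlog() {
    conf=$(vsftpd_conf_path "$1" "$2")
    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }
    # Commented-out lines do not match; assume the last assignment wins
    value=$(sed -n 's/^xferlog_enable=//p' "$conf" | tail -n 1 |
            tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    if [ "$value" = "YES" ]; then
        echo "OK: xferlog_enable=YES in $conf"
        return 0
    fi
    echo "FINDING: xferlog_enable is '${value:-missing}' in $conf"
    return 1
}

# Live system: check_xferlog /etc/xinetd.d /etc/vsftpd/vsftpd.conf
```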
Fix Text (F-19549r377226_fix)
Add or correct the following configuration options within the "vsftpd" configuration file, located at "/etc/vsftpd/vsftpd.conf".