code/linux/audit/ftp-server.yaml

id: ftp-server

info:
  name: Ensure FTP Server Service is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The vsftpd package provides an FTP server for file transfer services.Since FTP is unencrypted and insecure, it should only be installed when explicitly required.
  remediation: |
    - Ensure the `vsftpd` package is not installed unless explicitly required.
    - To remove the package, run: sudo apt-get remove vsftpd -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,cisecurity,audit,linux,ubuntu

self-contained: true

code:
  - engine:
      - bash
    args:
      - "-c"
      - |
        if dpkg-query -s vsftpd &>/dev/null; then
          echo "[ftp-server-check:Policy-Fail] [vsftpd is installed] [CIS_FAIL]"
        else
          echo "[ftp-server-check:Policy-Pass] [vsftpd is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4b0a004830460221009fbfc8378f1cfbcd295c5540490db593f789bd1dd766cd202424146ebb9633f202210084a562aee94aada53a9040577b745c5e5fbf8fb2c43c4b59d46f572b9e22e0c8:922c64590222798bb761d5b6d8e72950
File name change 2025-08-19 18:07:27 +05:30			`id: ftp-server`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00
			`info:`
			`name: Ensure FTP Server Service is Not Installed`
			`author: Th3l0newolf`
minor changes 2025-08-19 16:26:09 +05:30			`severity: info`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`description: \|`
minor changes 2025-08-19 16:26:09 +05:30			`The vsftpd package provides an FTP server for file transfer services.Since FTP is unencrypted and insecure, it should only be installed when explicitly required.`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`remediation: \|`
minor changes 2025-08-19 16:26:09 +05:30			- Ensure the `vsftpd` package is not installed unless explicitly required.
			`- To remove the package, run: sudo apt-get remove vsftpd -y`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`reference:`
			`- https://www.cisecurity.org/benchmark/ubuntu_linux`
			`metadata:`
			`verified: true`
minor changes 2025-08-19 16:26:09 +05:30			`tags: cis,cisecurity,audit,linux,ubuntu`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00
			`self-contained: true`

			`code:`
			`- engine:`
			`- bash`
			`args:`
			`- "-c"`
			`- \|`
			`if dpkg-query -s vsftpd &>/dev/null; then`
minor changes 2025-08-19 16:26:09 +05:30			`echo "[ftp-server-check:Policy-Fail] [vsftpd is installed] [CIS_FAIL]"`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`else`
minor changes 2025-08-19 16:26:09 +05:30			`echo "[ftp-server-check:Policy-Pass] [vsftpd is not installed] [CIS_PASS]"`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`fi`

			`matchers:`
			`- type: word`
			`name: policy-pass`
			`words:`
			`- "Policy-Pass"`

			`- type: word`
			`name: policy-fail`
			`words:`
chore: sign templates 🤖 2025-08-21 12:45:03 +00:00			`- "Policy-Fail"`
			`# digest: 4b0a004830460221009fbfc8378f1cfbcd295c5540490db593f789bd1dd766cd202424146ebb9633f202210084a562aee94aada53a9040577b745c5e5fbf8fb2c43c4b59d46f572b9e22e0c8:922c64590222798bb761d5b6d8e72950`