code/linux/audit/ftp-client.yaml

id: ftp-client

info:
  name: Ensure FTP Client is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    FTP clients such as ftp and tnftp use an unencrypted protocol that exposes sensitive data during transmission.These packages should only be installed when explicitly required, as their presence increases security risk.
  remediation: |
    - Ensure FTP client packages are not installed unless explicitly required.
    - To remove them, run: sudo apt-get remove ftp tnftp -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu,ftp

self-contained: true

code:
  - engine:
      - bash

    args:
      - "-c"
      - |
        # Check if ftp or tnftp packages are installed
        if dpkg-query -W -f='${Package} ${Status}\n' ftp tnftp 2>/dev/null | grep -q "install ok installed"; then
          echo "[cis-ftp-client-check:Policy-Fail] [FTP client is installed] [CIS_FAIL]"
        else
          echo "[cis-ftp-client-check:Policy-Pass] [FTP client is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4b0a004830460221009931d0824469b0f912ad65271a547776751ee25732f5edeb3dd030970429e5c20221009aa1b4785a01f1ea0ff8c06364a0875b2e56255115f6e001ca5e8c1e38f51faf:922c64590222798bb761d5b6d8e72950
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`id: ftp-client`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00
			`info:`
			`name: Ensure FTP Client is Not Installed`
			`author: Th3l0newolf`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`severity: info`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`description: \|`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`FTP clients such as ftp and tnftp use an unencrypted protocol that exposes sensitive data during transmission.These packages should only be installed when explicitly required, as their presence increases security risk.`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`remediation: \|`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`- Ensure FTP client packages are not installed unless explicitly required.`
			`- To remove them, run: sudo apt-get remove ftp tnftp -y`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`reference:`
			`- https://www.cisecurity.org/benchmark/ubuntu_linux`
			`metadata:`
			`verified: true`
Local tag - update 2025-08-28 23:41:32 +05:30			`tags: cis,local,cisecurity,audit,linux,ubuntu,ftp`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00
			`self-contained: true`

			`code:`
			`- engine:`
			`- bash`

			`args:`
			`- "-c"`
			`- \|`
			`# Check if ftp or tnftp packages are installed`
			`if dpkg-query -W -f='${Package} ${Status}\n' ftp tnftp 2>/dev/null \| grep -q "install ok installed"; then`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`echo "[cis-ftp-client-check:Policy-Fail] [FTP client is installed] [CIS_FAIL]"`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`else`
file name, tags and Minor - changes 2025-08-19 18:03:12 +05:30			`echo "[cis-ftp-client-check:Policy-Pass] [FTP client is not installed] [CIS_PASS]"`
Ubuntu Phase 3 more templates 2025-06-18 23:58:37 -07:00			`fi`

			`matchers:`
			`- type: word`
			`name: policy-pass`
			`words:`
			`- "Policy-Pass"`

			`- type: word`
			`name: policy-fail`
			`words:`
chore: sign templates 🤖 2025-08-21 12:45:03 +00:00			`- "Policy-Fail"`
chore: sign templates 🤖 2025-08-29 10:06:03 +00:00			`# digest: 4b0a004830460221009931d0824469b0f912ad65271a547776751ee25732f5edeb3dd030970429e5c20221009aa1b4785a01f1ea0ff8c06364a0875b2e56255115f6e001ca5e8c1e38f51faf:922c64590222798bb761d5b6d8e72950`