code/linux/audit/ftp-server.yaml

id: ftp-server

info:
  name: Ensure FTP Server Service is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The vsftpd package provides an FTP server for file transfer services.Since FTP is unencrypted and insecure, it should only be installed when explicitly required.
  remediation: |
    - Ensure the `vsftpd` package is not installed unless explicitly required.
    - To remove the package, run: sudo apt-get remove vsftpd -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu

self-contained: true

code:
  - engine:
      - bash
    args:
      - "-c"
      - |
        if dpkg-query -s vsftpd &>/dev/null; then
          echo "[ftp-server-check:Policy-Fail] [vsftpd is installed] [CIS_FAIL]"
        else
          echo "[ftp-server-check:Policy-Pass] [vsftpd is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4b0a00483046022100c7ff63a06f5cf7394699255c1d518450d6d10317334a8f9081e4ac9dddaee5cf022100ab8764795bc72e40aceaedce98a29e587514c46693d1d06ab62a619416179bed:922c64590222798bb761d5b6d8e72950
File name change 2025-08-19 18:07:27 +05:30			`id: ftp-server`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00
			`info:`
			`name: Ensure FTP Server Service is Not Installed`
			`author: Th3l0newolf`
minor changes 2025-08-19 16:26:09 +05:30			`severity: info`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`description: \|`
minor changes 2025-08-19 16:26:09 +05:30			`The vsftpd package provides an FTP server for file transfer services.Since FTP is unencrypted and insecure, it should only be installed when explicitly required.`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`remediation: \|`
minor changes 2025-08-19 16:26:09 +05:30			- Ensure the `vsftpd` package is not installed unless explicitly required.
			`- To remove the package, run: sudo apt-get remove vsftpd -y`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`reference:`
			`- https://www.cisecurity.org/benchmark/ubuntu_linux`
			`metadata:`
			`verified: true`
Local tag - update 2025-08-28 23:41:32 +05:30			`tags: cis,local,cisecurity,audit,linux,ubuntu`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00
			`self-contained: true`

			`code:`
			`- engine:`
			`- bash`
			`args:`
			`- "-c"`
			`- \|`
			`if dpkg-query -s vsftpd &>/dev/null; then`
minor changes 2025-08-19 16:26:09 +05:30			`echo "[ftp-server-check:Policy-Fail] [vsftpd is installed] [CIS_FAIL]"`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`else`
minor changes 2025-08-19 16:26:09 +05:30			`echo "[ftp-server-check:Policy-Pass] [vsftpd is not installed] [CIS_PASS]"`
Ubuntu CIS Phase-2 2025-06-16 09:31:36 -07:00			`fi`

			`matchers:`
			`- type: word`
			`name: policy-pass`
			`words:`
			`- "Policy-Pass"`

			`- type: word`
			`name: policy-fail`
			`words:`
chore: sign templates 🤖 2025-08-21 12:45:03 +00:00			`- "Policy-Fail"`
chore: sign templates 🤖 2025-08-29 10:06:03 +00:00			`# digest: 4b0a00483046022100c7ff63a06f5cf7394699255c1d518450d6d10317334a8f9081e4ac9dddaee5cf022100ab8764795bc72e40aceaedce98a29e587514c46693d1d06ab62a619416179bed:922c64590222798bb761d5b6d8e72950`