id: ftp-client

info:
  name: Ensure FTP Client is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    FTP clients such as ftp and tnftp use an unencrypted protocol that exposes sensitive data during transmission.These packages should only be installed when explicitly required, as their presence increases security risk.
  remediation: |
    - Ensure FTP client packages are not installed unless explicitly required.
    - To remove them, run: sudo apt-get remove ftp tnftp -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu,ftp

self-contained: true

code:
  - engine:
      - bash

    args:
      - "-c"
      - |
        # Check if ftp or tnftp packages are installed
        if dpkg-query -W -f='${Package} ${Status}\n' ftp tnftp 2>/dev/null | grep -q "install ok installed"; then
          echo "[cis-ftp-client-check:Policy-Fail] [FTP client is installed] [CIS_FAIL]"
        else
          echo "[cis-ftp-client-check:Policy-Pass] [FTP client is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4b0a004830460221009931d0824469b0f912ad65271a547776751ee25732f5edeb3dd030970429e5c20221009aa1b4785a01f1ea0ff8c06364a0875b2e56255115f6e001ca5e8c1e38f51faf:922c64590222798bb761d5b6d8e72950