Profile Applicability:
 • Level 1

Description:
 FTP server services provide file transfer capabilities over the network. If not required, these services should be disabled to minimize security risks associated with unencrypted data transfer and potential unauthorized access.

Rationale:
 Disabling unused FTP services reduces the attack surface by preventing unauthorized file transfers and mitigating exploitation of known FTP vulnerabilities.

Impact:
 Pros:

  • Limits exposure to FTP-related attacks.

  • Reduces unnecessary network services running on the system.

 Cons:

  • Disabling FTP may disrupt legitimate file transfer workflows that still depend on it.

Default Value:
 FTP server services may be enabled or running by default on some systems.

Pre-requisites:

  • Root or sudo privileges to manage system services.

Remediation:

Test Plan:

Using Linux command line:

1. Check if FTP server service is enabled:

systemctl is-enabled vsftpd  
systemctl is-enabled proftpd  
systemctl is-enabled pure-ftpd

2. Check if FTP server service is running:

systemctl status vsftpd  
systemctl status proftpd  
systemctl status pure-ftpd

Implementation Plan:

Using Linux command line:

1. Disable FTP server services:

systemctl disable vsftpd  
systemctl disable proftpd  
systemctl disable pure-ftpd

2. Stop running FTP server services:

systemctl stop vsftpd  
systemctl stop proftpd  
systemctl stop pure-ftpd

3. Verify services are disabled and stopped:

systemctl is-enabled vsftpd  
systemctl is-enabled proftpd  
systemctl is-enabled pure-ftpd  
systemctl status vsftpd  
systemctl status proftpd  
systemctl status pure-ftpd
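
The enabled and running checks from the Test Plan and from verification step 3 can be combined into one scripted audit. This is an added example, not part of the benchmark text: it uses `systemctl is-active` in place of `systemctl status` to get a one-word state, and the `SYSTEMCTL` override, the function names and the PASS/FAIL/REVIEW verdicts are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the FTP daemons named in this control.
# SYSTEMCTL is an override hook assumed by this example (lets a stub stand in).
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
FTP_UNITS="vsftpd proftpd pure-ftpd"

# classify_unit ENABLED_STATE ACTIVE_STATE
# Prints a verdict; returns 0 for PASS, 1 for FAIL, 2 for REVIEW.
classify_unit() {
    # A running daemon fails the control even if it is already disabled at boot.
    case "$2" in
        active|activating|reloading) echo "FAIL running"; return 1 ;;
    esac
    case "$1" in
        enabled|enabled-runtime) echo "FAIL enabled"; return 1 ;;
        disabled|masked|masked-runtime) echo "PASS $1" ;;
        # Some systemd versions print nothing on stdout for a unit that is not installed.
        ""|not-found) echo "PASS not-installed" ;;
        # static, indirect, etc.: another unit may still pull the service in.
        *) echo "REVIEW $1"; return 2 ;;
    esac
}

# audit_ftp_services: one line per unit; return value = number of non-PASS units.
audit_ftp_services() {
    findings=0
    for unit in $FTP_UNITS; do
        # is-enabled / is-active exit non-zero for disabled or stopped units,
        # so only their stdout is used.
        enabled_state=$("$SYSTEMCTL" is-enabled "$unit" 2>/dev/null) || true
        active_state=$("$SYSTEMCTL" is-active "$unit" 2>/dev/null) || true
        verdict=$(classify_unit "$enabled_state" "$active_state") || findings=$((findings + 1))
        echo "$unit: $verdict"
    done
    return "$findings"
}

# Run the audit only when called with the argument "audit".
if [ "${1:-}" = "audit" ]; then
    audit_ftp_services
    exit $?
fi
```

A unit reported as `FAIL running` with a disabled boot state is the case where step 1 of the Implementation Plan was applied without step 2.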

Backout Plan:

Using Linux command line:

1. Enable and start FTP server services if required:

systemctl enable vsftpd  
systemctl start vsftpd  
systemctl enable proftpd  
systemctl start proftpd  
systemctl enable pure-ftpd  
systemctl start pure-ftpd

2. Verify service status.

References:

  • CIS Amazon Linux 2 Benchmark v3.0.0

  • Systemd Service Management