CCE-90776-6| Platform: cpe:/o:centos:centos:7, cpe:/o:redhat:enterprise_linux:7 | Date: (C)2017-06-29 (M)2023-07-04 |
Add or correct the following configuration options within the 'vsftpd'
configuration file, located at '/etc/vsftpd/vsftpd.conf':
xferlog_enable=YES
xferlog_std_format=NO
log_ftp_protocol=YES
Parameter:
[yes/no]
Technical Mechanism:
To trace malicious activity facilitated by the FTP service, it must be configured to ensure that all commands sent to
the FTP server are logged using the verbose vsftpd log
format. The default vsftpd log file is '/var/log/vsftpd.log'.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.3 | Attack Vector: NETWORK |
| Exploit Score: 3.9 | Attack Complexity: LOW |
| Impact Score: 3.4 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| | Confidentiality: LOW |
| | Integrity: LOW |
| | Availability: LOW |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31184 |
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30461 |
