Skip to content

2.1.6 Ensure ftp server services are not in use

Audit#

Run the following command to verify vsftpd is not installed: 

# dpkg-query -s vsftpd &>/dev/null && echo "vsftpd is installed"
Nothing should be returned.

- OR - - IF - the package is required for dependencies: Run the following command to verify vsftpd service is not enabled: 

# systemctl is-enabled vsftpd.service 2>/dev/null | grep 'enabled'
Nothing should be returned.

Run the following command to verify vsftpd service is not active: 

# systemctl is-active vsftpd.service 2>/dev/null | grep '^active'
Nothing should be returned.

Note: If the package is required for a dependency - Ensure the dependent package is approved by local site policy - Ensure stopping and masking the service and/or socket meets local site policy

Remediation#

Run the following commands to stop vsftpd.service and remove the vsftpd package: 

# systemctl stop vsftpd.service
# apt purge vsftpd

- OR - - IF - the vsftpd package is required as a dependency: Run the following commands to stop and mask vsftpd.service: 

# systemctl stop vsftpd.service
# systemctl mask vsftpd.service

Note: Other ftp server packages may exist. If not required and authorized by local site policy, they should also be removed. If the package is required for a dependency, the service should be stopped and masked.