Anonymous FTP enabled

Risk Level: Low

Check or Attack Name: ftpanon

Platforms: Any

Description:

Anonymous FTP is enabled: the server accepts a login as the user anonymous (or ftp) with any password. Where an FTP service has to be present at all, allowing only anonymous access has one benefit, in that no valid user-password pairs are sent across the network in cleartext. The remaining exposure comes from the anonymous area itself (files it discloses and directories that can be written to), which is why its configuration must be checked as described below.

Remedy:

Disable the FTP service or confirm that anonymous FTP is set up correctly.

Unix: To disable the FTP service:

  1. Edit the /etc/inetd.conf (or equivalent) file.
  2. Locate the line that controls the ftpd daemon.
  3. Type a # at the beginning of the line to comment out the daemon.
  4. Restart inetd.

—OR—

Proper configuration of the FTP server is critical. If an anonymous login is permitted, be certain to:

  • Create the correct home directories for exclusive use of ftpd, such as ~ftp/bin, ~ftp/etc, and ~ftp/pub.
  • Place actual files (rather than symbolic links) in the ftp home directories.
  • Create a special ftp account that points to the ftp home directory.
  • Alter the ftp passwd file (~ftp/etc/passwd) to contain entries only for root and ftp, with no password hashes.
  • Alter the ftp group file (~ftp/etc/group) to contain only the ftp group.
  • Use chown to apply the appropriate owners to the directories.
  • Use chmod to apply the correct permissions to all directories and files.
  • Secure any open repository directories so they cannot be used as drop points.

For the appropriate values and permissions for your FTP server, refer to your FTP documentation.
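The Unix remedy above, both alternatives, as an added shell example; this is not part of the original X-Force entry. It assumes a classic inetd.conf whose first field is the service name, and an anonymous area laid out as the checklist describes (~ftp/etc/passwd, ~ftp/etc/group). The file and directory to operate on are arguments, so the helpers can be tried on a copy of inetd.conf and a scratch ~ftp tree before being pointed at the live system; the function names are mine, and the final curl probe is the check itself rather than a remedy.

```shell
#!/bin/sh
# Added example (not from the original entry): helpers for the Unix remedy.
# Assumed layout: inetd.conf with the service name in the first field, and an
# anonymous area with ~ftp/etc/passwd and ~ftp/etc/group as described above.

# Option 1: disable ftpd in an inetd.conf-style file.

# Exit 0 if the file still has an active (uncommented) ftp line.
ftp_enabled_in_inetd() {
    grep -q '^ftp[[:space:]]' "$1"
}

# Comment out every active ftp line. Lines already starting with '#' do not
# match, so running this twice never produces '##ftp'. Restart inetd afterwards
# (typically SIGHUP to its pid) for the change to take effect.
disable_ftp_inetd() {
    conf="$1"
    sed 's/^\(ftp[[:space:]]\)/#\1/' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Option 2: audit an anonymous FTP home directory against the checklist above.
# Prints one "FINDING: ..." line per problem; returns 1 if anything was found.
audit_ftp_home() {
    home="$1"
    total=0

    # Symbolic links anywhere in the tree: the remedy asks for real files,
    # because a link can reach outside the anonymous area.
    links=$(find "$home" -type l)
    if [ -n "$links" ]; then
        printf '%s\n' "$links" | sed 's/^/FINDING: symlink /'
        total=$((total + $(printf '%s\n' "$links" | wc -l)))
    fi

    # World-writable files or directories: the drop points the remedy warns
    # about. Symlinks are skipped since their mode bits are not meaningful.
    ww=$(find "$home" ! -type l -perm -002)
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/FINDING: world-writable /'
        total=$((total + $(printf '%s\n' "$ww" | wc -l)))
    fi

    # ~ftp/etc/passwd must list only root and ftp; ~ftp/etc/group only ftp.
    # awk exits with the number of offending entries; '|| n=$?' captures that
    # without tripping 'set -e' in a caller.
    if [ -f "$home/etc/passwd" ]; then
        n=0
        awk -F: 'NF && $1 != "root" && $1 != "ftp" { print "FINDING: passwd entry " $1; n++ } END { exit n+0 }' \
            "$home/etc/passwd" || n=$?
        total=$((total + n))
    fi
    if [ -f "$home/etc/group" ]; then
        n=0
        awk -F: 'NF && $1 != "ftp" { print "FINDING: group entry " $1; n++ } END { exit n+0 }' \
            "$home/etc/group" || n=$?
        total=$((total + n))
    fi

    if [ "$total" -eq 0 ]; then
        return 0
    fi
    return 1
}

# The check itself (needs network, so not exercised offline): exit 0 if the
# host lets the anonymous account list its root directory, non-zero otherwise
# (curl reports a refused login as exit code 67).
probe_anonymous_ftp() {
    curl -s --max-time 10 --user 'anonymous:ftp@example.com' --list-only "ftp://$1/" > /dev/null
}
```

Run `audit_ftp_home /home/ftp` (or wherever ~ftp resolves) after applying the chown/chmod values from your FTP documentation; an empty report and a zero exit status mean the checklist items this script covers are satisfied. Ownership is deliberately not checked, because the correct owner depends on the server in use.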

Windows: Stop or disable the FTP service from the Services control panel:

  1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
  2. Select the service.
  3. Click Stop.
  4. When the service has stopped, click Startup.
  5. To permanently disable the service, click Disabled.
  6. Click OK, then click Close.