>From 897339e0bfacadb9269ea855e7050bffc810a910 Mon Sep 17 00:00:00 2001 From: Shawn Wells <sh...@redhat.com> Date: Wed, 19 Sep 2012 11:18:36 -0400 Subject: [PATCH 01/14] Created OCIL for ftp_present_banner - Updated text to reflect default config file location at /etc/vsftpd/vsftpd.conf - Created OCIL text to grep out the value of banner_file and ensure it is "/etc/issue"
--- RHEL6/input/services/ftp.xml | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/RHEL6/input/services/ftp.xml b/RHEL6/input/services/ftp.xml index da0a476..9586a14 100644 --- a/RHEL6/input/services/ftp.xml +++ b/RHEL6/input/services/ftp.xml @@ -85,7 +85,8 @@ format. The default vsftpd log file is /var/log/vsftpd.log.</rationale> <Rule id="ftp_present_banner"> <title>Create Warning Banners for All FTP Users</title> -<description>Edit the vsftpd configuration file. Add or correct the following configuration options: +<description>Edit the vsftpd configuration file, which resides at <tt>/etc/vsftpd/vsftpd.conf</tt> +by default. Add or correct the following configuration options: <pre>banner_file=/etc/issue</pre> </description> <rationale>This setting will cause the system greeting banner to be used for FTP connections as well.</rationale> @@ -93,6 +94,12 @@ format. The default vsftpd log file is /var/log/vsftpd.log.</rationale> <ref disa="48" /> <!--<oval id="ftp_present_banner" />--> <!--<ref nist="CM-6, CM-7" /> --> +<ocil>To verify this configuration, run the following command: +<pre>grep "banner_file" /etc/vsftpd/vsftpd.conf</pre> + +The output should show the value of <tt>banner_file</tt> is set to <tt>/etc/issue</tt>, an example of which is shown below: +<pre># grep "banner_file" /etc/issue +banner_file=/etc/issue"</pre></ocil> </Rule> <Group id="ftp_restrict_users"> -- 1.7.1
_______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
