{"description": "Is there a mission-critical reason for users to transfer files to/from their own accounts\nusing FTP, rather than using a secure protocol like SCP/SFTP? If not, edit the vsftpd\nconfiguration file. Add or correct the following configuration option:\n\n<pre>local_enable=NO</pre>\n\nIf non-anonymous FTP logins are necessary, follow the guidance in the remainder of\nthis section to secure these logins as much as possible.", "rationale": "The use of non-anonymous FTP logins is strongly discouraged. Since SSH clients \nand servers are widely available, and since SSH provides support for a transfer\nmode which resembles FTP in user interface, there is no good reason to allow\npassword-based FTP access.'", "severity": "medium", "references": {"cis-csc": ["11", "12", "14", "15", "16", "18", "3", "5", "9"], "cobit5": ["BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS05.02", "DSS05.04", "DSS05.05", "DSS05.07", "DSS06.03", "DSS06.06"], "isa-62443-2009": ["4.3.3.2.2", "4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 7.6"], "iso27001-2013": ["A.12.1.2", "A.12.5.1", "A.12.6.2", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.6.1.2", "A.7.1.1", "A.9.1.2", "A.9.2.1", "A.9.2.3", "A.9.4.1", "A.9.4.4", "A.9.4.5"], "nist": ["CM-7(a)", "CM-7(b)", "CM-6(a)", "AC-3", "AC-17(a)"], "nist-csf": ["PR.AC-4", "PR.AC-6", "PR.IP-1", "PR.PT-3"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Restrict Access to Anonymous Users if Possible", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml", "template": null}