{"description": "If any directories that contain dynamic scripts can be accessed via FTP by\nany group or user that does not require access, remove permissions to such\ndirectories that allow anonymous access. Also, ensure that any such\naccess employs an encrypted connection.", "rationale": "The directories containing the CGI scripts, such as PERL, must not be\naccessible to anonymous users via FTP. This applies to all directories that\ncontain scripts that can dynamically produce web pages in an interactive manner\n(i.e., scripts based upon user-provided input). Such scripts contain information\nthat could be used to compromise a web service, access system resources, or\ndeface a web site.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "Locate the directories containing the CGI scripts. These directories should be\nlanguage-specific (e.g., PERL, ASP, JS, JSP, etc.). Examine the file permissions\non the directories using the following command:\n<pre>ls -l <i>directories</i></pre>\nAnonymous FTP users must not have access to these directories.", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable Anonymous FTP Access", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml", "template": null}