{"description": "Add or correct the following configuration options within the vsftpd\nconfiguration file, located at /etc/vsftpd/vsftpd.conf:\nxferlog_enable=YES\nxferlog_std_format=NO\nlog_ftp_protocol=YES
", "rationale": "To trace malicious activity facilitated by the FTP service, it must be configured to ensure that all commands sent to\nthe FTP server are logged using the verbose vsftpd log\nformat. The default vsftpd log file is /var/log/vsftpd.log.", "severity": "unknown", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "xferlog_enable is missing, or is not set to yes", "ocil": "Find if logging is applied to the FTP daemon.\n
\nProcedures:\n
\nIf vsftpd is started by xinetd the following command will indicate the xinetd.d startup file:\n$ grep vsftpd /etc/xinetd.d/*
\n$ grep server_args vsftpd xinetd.d startup file
\nThis will indicate the vsftpd config file used when starting through xinetd.\nIf the server_args line is missing or does not include the vsftpd configuration file, then the default config file (/etc/vsftpd/vsftpd.conf) is used.\n$ sudo grep xferlog_enable vsftpd config file
", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [{"general": "If verbose logging to vsftpd.log is done, sparse logging of\ndownloads to /var/log/xferlog will not also occur. However,\nthe information about what files were downloaded is included in the\ninformation logged to vsftpd.log."}], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Enable Logging of All FTP Transactions", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml", "template": null}