Hello all-

My brain is misfiring and I need to ask for some advice. We are conducting on audit on some HP-UX 11.i servers and found one server, deemed a public ftp server, to have anoymous ftp. But we also found that the admins have enabled shadowed passwords. Now my first thought is that they need to disable ftp post-haste, but am I wrong on this? Can /etc/shadow be compromised and lead to the compromise of /etc/passwd? I think so, but again my brain is misfiring right now.

Also - as stated before, I believe they should have ftp turned off, even if they have imposed disk quota limits and move to ssh. The reason I ask this is because... they do not have ssh deployed everywhere and I have preached til I was coarse - so I was looking for some advice there as well.

Thanks in advance.