This article attempts to explain what to expect from the Control Compliance Suite Message Based Collection (MBC): Module "Network Integrity" with check "Anonymous FTP shell". It also explains how to work with the check's current limitation.
Currently the check reports an informational (yellow) message when it finds an anonymous ftp account in your password file. Once it finds that account, it reports the shell for that user, irrespective if the shell is valid or not - the check/message is informational only and the check's Summary mentions:
An anonymous ftp account is present in your password file. For security reasons, the shell specified for this account should not be a valid one (e.g. /bin/false). This prevents users from logging in as the ftp user. If no shell is specified in the password file, the default shell will be used. You should verify that the shell specified is not a valid one.
As stated, the check just reports on the shell - it does not attempt to determine if the shell would be considered a good or a bad one.
Control Compliance Suite 11.x
Message Based Collection (MBC)
Module "Network Integrity" with check "Anonymous FTP shell"
You could create suppressions for the check based on the shell i.e. if the shell is acceptable, we suppress it, so it will only report when the shell is not what you expect and/or finds acceptable. Image this kind of suppression:
And maybe another one for the value “/bin/false” in the information field, that way the “Anonymous FTP shell” message only gets reported when the shell is not /bin/nologin or /bin/false – in effect only reporting when it’s set incorrectly/unexpected.