Suspicious File Content
admin_accounts_in_ftpusers
This check audits if all admin accounts, users with UID less than 500, are present in /etc/ftpusers, /etc/ftpd/ftpusers, or /etc/vsftpd.ftpusers.
Usage
<item>
name: "admin_accounts_in_ftpusers"
description: "This check makes sure every account whose UID is below 500 is present in /etc/ftpusers."
</item>