2.1.4 Ensure TFTP daemon is configured to operate in secure mode.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The operating system must be configured so that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon is configured to operate in secure mode.

Rationale:

Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.

Solution

Configure the TFTP daemon to operate in secure mode by adding the following line to /etc/xinetd.d/tftp (or modify the line to have the required value):
Example: vim /etc/xinetd.d/tftp
Add this line.

server_args = -s /var/lib/tftpboot

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72305

Rule ID: SV-86929r3_rule

STIG ID: RHEL-07-040720

Severity: CAT II

See Also

https://workbench.cisecurity.org/files/2688