2.2.22 Ensure TFTP daemon is configured to operate in secure mode - TFTP server is required, the TFTP daemon is configured to operate in secure mode.

Information

The operating system must be configured so that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon is configured to operate in secure mode.

Rationale:

Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.

Solution

Configure the TFTP daemon to operate in secure mode by adding the following line to /etc/xinetd.d/tftp (or modify the line to have the required value):
Example: vim /etc/xinetd.d/tftp
Add this line.

server_args = -s /var/lib/tftpboot

See Also

https://workbench.cisecurity.org/files/3636

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CCI|CCI-000366, CSCv7|9.2, Rule-ID|SV-204623r603261_rule, STIG-ID|RHEL-07-040720

Plugin: Unix

Control ID: 0b172847633f923bbc8dabef7a06eaee22076551e5b01dbdbb232dbde7dd6c33