The TFTP daemon must be configured to vendor specifications, including a dedicated TFTP user account, a non-login shell such as /bin/false, and a home directory owned by the TFTP user.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-849 | GEN005120 | SV-35157r1_rule | ECSC-1 | Medium |
| Description |
|---|
| If TFTP has a valid shell, it increases the likelihood that someone could logon to the TFTP account and compromise the system. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2017-01-27 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-31962r1_fix) |
|---|
| Create a tftp user account if none exists. Assign a non-login shell to the tftp user account, such as /usr/bin/false. Assign/create the tftp user account home directory where/as necessary. Ensure the home directory is owned by the tftp user. |