The tftp daemon must be disabled on AIX.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-215386	AIX7-00-003081	SV-215386r508663_rule		Medium

Description
The tftp service allows remote systems to download or upload files to the tftp server without any authentication. It is therefore a service that should not run, unless needed. One of the main reasons for requiring this service to be activated is if the host is a NIM master. However, the service can be enabled and then disabled once a NIM operation has completed, rather than left running permanently.

Description

The tftp service allows remote systems to download or upload files to the tftp server without any authentication. It is therefore a service that should not run, unless needed. One of the main reasons for requiring this service to be activated is if the host is a NIM master. However, the service can be enabled and then disabled once a NIM operation has completed, rather than left running permanently.

STIG	Date
IBM AIX 7.x Security Technical Implementation Guide	2021-06-16

Details

Check Text ( C-16584r294609_chk )
From the command prompt, execute the following command: # grep "^tftp[[:blank:]]" /etc/inetd.conf If there is any output from the command, this is a finding.

Fix Text (F-16582r294610_fix)
In "/etc/inetd.conf", comment out the "tftp" entry by running command: # chsubserver -r inetd -C /etc/inetd.conf -d -v 'tftp' -p 'udp' Restart inetd: # refresh -s inetd