UCF STIG Viewer Logo

If the Trivial File Transfer Protocol (TFTP) server is required, the OL 8 TFTP daemon must be configured to operate in secure mode.


Overview

Finding ID Version Rule ID IA Controls Severity
V-248902 OL08-00-040350 SV-248902r780272_rule Medium
Description
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
STIG Date
Oracle Linux 8 Security Technical Implementation Guide 2022-12-06

Details

Check Text ( C-52336r780270_chk )
Verify the TFTP daemon is configured to operate in secure mode with the following commands:

$ sudo yum list installed tftp-server

tftp-server.x86_64 x.x-x.el8

If a TFTP server is not installed, this is not applicable.

If a TFTP server is installed, check for the server arguments with the following command:

$ sudo grep server_args /etc/xinetd.d/tftp

server_args = -s /var/lib/tftpboot

If the "server_args" line does not have a "-s" option and a subdirectory is not assigned, this is a finding.
Fix Text (F-52290r780271_fix)
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):

server_args = -s /var/lib/tftpboot