Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
RHEL-06-000338 | RHEL-06-000338 | RHEL-06-000338_rule | | High |
Description |
---|
Using the "-s" option causes the TFTP service to only serve files from the given directory. Serving files from an intentionally-specified directory reduces the risk of sharing files which should remain private. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2013-02-05 |
Check Text (C-RHEL-06-000338_chk) |
---|
Verify "tftp" is configured with the "-s" option by running the following command: `grep "server_args" /etc/xinetd.d/tftp` The output should indicate the "server_args" variable is configured with the "-s" flag, matching the example below: `# grep "server_args" /etc/xinetd.d/tftp` `server_args = -s /var/lib/tftpboot` |
Fix Text (F-RHEL-06-000338_fix) |
---|
If running the "tftp" service is necessary, it should be configured to change its root directory at startup. To do so, ensure "/etc/xinetd.d/tftp" includes "-s" as a command line argument, as shown in the following example (which is also the default): `server_args = -s /var/lib/tftpboot` |
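
The grep in the check text also matches a commented-out "server_args" line, so a scripted audit should read only active configuration. The shell function below is an added example, not part of the STIG: the name check_tftp_secure and the sample stanzas are constructed for illustration, and it assumes "-s" appears as a separate argument, as in the example above.

```shell
#!/bin/sh
# Added example: audit an xinetd tftp stanza for the "-s" argument.
# Returns 0 (pass), 1 (fail) or 2 (file unreadable) and prints the reason.
check_tftp_secure() {
    file=$1
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }
    # Strip comments first: "#server_args = -s ..." satisfies a plain grep
    # but has no effect on the service xinetd starts.
    args=$(sed -e 's/#.*//' "$file" |
        awk -F= '$1 ~ /^[ \t]*server_args[ \t]*$/ { sub(/^[^=]*=/, ""); print; exit }')
    if [ -z "$args" ]; then
        echo "FAIL: no active server_args value in $file"
        return 1
    fi
    # Require both the "-s" flag and an absolute directory to confine to.
    has_s=no
    dir=""
    for tok in $args; do
        case $tok in
            -s) has_s=yes ;;
            /*) dir=$tok ;;
        esac
    done
    if [ "$has_s" = yes ] && [ -n "$dir" ]; then
        echo "PASS: tftp serves files only from $dir"
        return 0
    fi
    echo "FAIL: server_args is '$args' (needs -s and a directory)"
    return 1
}

# Constructed sample stanzas (not taken from a real system).
tmp=$(mktemp -d)
printf 'service tftp\n{\n\tserver = /usr/sbin/in.tftpd\n\tserver_args = -s /var/lib/tftpboot\n}\n' > "$tmp/good"
printf 'service tftp\n{\n\t#server_args = -s /var/lib/tftpboot\n\tserver_args = /var/lib/tftpboot\n}\n' > "$tmp/bad"
for f in good bad; do
    check_tftp_secure "$tmp/$f" || true
done
rm -rf "$tmp"
```

On a real host, call `check_tftp_secure /etc/xinetd.d/tftp` and act on the exit status.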