Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-38701 | RHEL-06-000338 | SV-50502r1_rule | High |
Description |
---|
Using the "-s" option causes the TFTP service to only serve files from the given directory. Serving files from an intentionally specified directory reduces the risk of sharing files which should remain private. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2017-04-28 |
Check Text ( None ) |
---|
None |
Fix Text (F-43650r1_fix) |
---|
If running the "tftp" service is necessary, it should be configured to change its root directory at startup. To do so, ensure "/etc/xinetd.d/tftp" includes "-s" as a command line argument, as shown in the following example (which is also the default): server_args = -s /var/lib/tftpboot |