Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-72305 | RHEL-07-040720 | SV-86929r1_rule | Medium |
| Description |
|---|
| Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 7 Security Technical Implementation Guide | 2017-07-08 |
Details
| Check Text ( C-72539r1_chk ) |
|---|
| Verify the TFTP daemon is configured to operate in secure mode. Check to see if a TFTP server has been installed with the following commands: # yum list installed | grep tftp tftp-0.49-9.el7.x86_64.rpm If a TFTP server is not installed, this is Not Applicable. If a TFTP server is installed, check for the server arguments with the following command: # grep server_arge /etc/xinetd.d/tftp server_args = -s /var/lib/tftpboot If the "server_args" line does not have a "-s" option and a subdirectory is not assigned, this is a finding. |
| Fix Text (F-78659r1_fix) |
|---|
| Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value): server_args = -s /var/lib/tftpboot |