Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-204623 | RHEL-07-040720 | SV-204623r603261_rule | Medium |
Description |
---|
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 7 Security Technical Implementation Guide | 2022-12-06 |
Check Text ( C-4747r89061_chk ) |
---|
Verify the TFTP daemon is configured to operate in secure mode. Check to see if a TFTP server has been installed with the following commands: # yum list installed tftp-server tftp-server.x86_64 x.x-x.el7 rhel-7-server-rpms If a TFTP server is not installed, this is Not Applicable. If a TFTP server is installed, check for the server arguments with the following command: # grep server_args /etc/xinetd.d/tftp server_args = -s /var/lib/tftpboot If the "server_args" line does not have a "-s" option and a subdirectory is not assigned, this is a finding. |
Fix Text (F-4747r89062_fix) |
---|
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value): server_args = -s /var/lib/tftpboot |