UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode.


Overview

Finding ID Version Rule ID IA Controls Severity
V-230557 RHEL-08-040350 SV-230557r627750_rule Medium
Description
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
STIG Date
Red Hat Enterprise Linux 8 Security Technical Implementation Guide 2022-09-07

Details

Check Text ( C-33226r568417_chk )
Verify the TFTP daemon is configured to operate in secure mode with the following commands:

$ sudo yum list installed tftp-server

tftp-server.x86_64 x.x-x.el8

If a TFTP server is not installed, this is Not Applicable.

If a TFTP server is installed, check for the server arguments with the following command:

$ sudo grep server_args /etc/xinetd.d/tftp

server_args = -s /var/lib/tftpboot

If the "server_args" line does not have a "-s" option, and a subdirectory is not assigned, this is a finding.
Fix Text (F-33201r568418_fix)
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):

server_args = -s /var/lib/tftpboot