
If the Trivial File Transfer Protocol (TFTP) server is required, the TOSS TFTP daemon must be configured to operate in secure mode.


Overview

Finding ID: V-253102
Version: TOSS-04-040600
Rule ID: SV-253102r824978_rule
IA Controls:
Severity: Medium
Description
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
STIG: Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
Date: 2022-08-29

Details

Check Text (C-56555r824976_chk)
Verify the TFTP daemon is configured to operate in secure mode with the following commands:

$ sudo yum list installed tftp-server

tftp-server.x86_64 x.x-x.el8

If a TFTP server is not installed, this is Not Applicable.

If a TFTP server is installed, check for the server arguments with the following command:

$ sudo grep server_args /etc/xinetd.d/tftp

server_args = -s /var/lib/tftpboot

If the "server_args" line does not have a "-s" option, and a subdirectory is not assigned, this is a finding.
Fix Text (F-56505r824977_fix)
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):

server_args = -s /var/lib/tftpboot
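
The check above as a script, added here as an example (it is not part of the STIG text or of TOSS tooling). The function name check_tftp_secure and the sample files are constructed; the script assumes the directory is the last word on the "server_args" line, as in the sample above, and treats a bare "/" as no subdirectory.

```shell
#!/bin/sh
# Added example: evaluate the server_args line of an xinetd tftp service file.
# Return status: 0 = "-s" with a directory, 1 = finding, 2 = file unreadable.
check_tftp_secure() {
    conf=$1
    [ -r "$conf" ] || return 2
    # Use the last uncommented server_args line; keep only the text after "=".
    args=$(sed -n 's/^[[:space:]]*server_args[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)
    [ -n "$args" ] || return 1
    has_s=no
    last=
    set -f                      # no filename globbing while splitting $args
    for word in $args; do
        if [ "$word" = "-s" ]; then
            has_s=yes
        fi
        last=$word
    done
    set +f
    [ "$has_s" = yes ] || return 1
    # Assumption: the directory is the final argument and must be an
    # absolute path other than "/" itself.
    case $last in
        /?*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'service tftp\n{\n\tserver_args = -s /var/lib/tftpboot\n}\n' > "$demo_dir/secure"
printf 'service tftp\n{\n\tserver_args = -c\n}\n' > "$demo_dir/insecure"
for f in "$demo_dir/secure" "$demo_dir/insecure"; do
    if check_tftp_secure "$f"; then
        echo "$f: not a finding"
    else
        echo "$f: finding"
    fi
done
rm -rf "$demo_dir"
```

On a live system, call check_tftp_secure /etc/xinetd.d/tftp only after confirming that tftp-server is installed; if it is not, the rule is Not Applicable.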