The Red Hat Enterprise Linux operating system must be configured so that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon is configured to operate in secure mode.

From Red Hat Enterprise Linux 7 Security Technical Implementation Guide

Associated with: CCI-000366

SV-86929r3_rule The Red Hat Enterprise Linux operating system must be configured so that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon is configured to operate in secure mode.

Vulnerability discussion

Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.

Check content

Verify the TFTP daemon is configured to operate in secure mode. Check to see if a TFTP server has been installed with the following commands: # yum list installed tftp-server tftp-server.x86_64 x.x-x.el7 rhel-7-server-rpms If a TFTP server is not installed, this is Not Applicable. If a TFTP server is installed, check for the server arguments with the following command: # grep server_args /etc/xinetd.d/tftp server_args = -s /var/lib/tftpboot If the "server_args" line does not have a "-s" option and a subdirectory is not assigned, this is a finding.

Fix text

Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value): server_args = -s /var/lib/tftpboot

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.