Check: RHEL-08-040350
RHEL 8 STIG:
RHEL-08-040350
(in versions v2 r1 through v1 r1)
Title
If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode. (Cat II impact)
Discussion
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
Check Content
Verify the TFTP daemon is configured to operate in secure mode with the following commands: $ sudo yum list installed tftp-server tftp-server.x86_64 x.x-x.el8 If a TFTP server is not installed, this is Not Applicable. If a TFTP server is installed, check for the server arguments with the following command: $ sudo grep server_args /etc/xinetd.d/tftp server_args = -s /var/lib/tftpboot If the "server_args" line does not have a "-s" option, and a subdirectory is not assigned, this is a finding.
Fix Text
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value): server_args = -s /var/lib/tftpboot
Additional Identifiers
Rule ID: SV-230557r1017319_rule
Vulnerability ID: V-230557
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |