Tri-Lab Operating System Stack (TOSS) 4 STIG Version Comparison
Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide
Comparison
There is 1 difference between versions v2 r1 (July 24, 2024) (the "left" version) and v2 r3 (Oct. 1, 2025) (the "right" version).
Check TOSS-04-040600 was changed between these two versions.
Text Differences
Title
If the Trivial File Transfer Protocol (TFTP) server is required, the TOSS TFTP daemon must be configured to operate in secure mode.
Check Content
v2 r1 (left):
Verify the TFTP daemon is configured to operate in secure mode with the following commands:
$ sudo yum list installed tftp-server
tftp-server.x86_64 x.x-x.el8
If a TFTP server is not installed, this is Not Applicable.
If a TFTP server is installed, check for the server arguments with the following command:
$ sudo grep server_args /etc/xinetd.d/tftp
server_args = -s /var/lib/tftpboot
If the "server_args" line does not have a "-s" option, and a subdirectory is not assigned, this is a finding.
v2 r3 (right):
Note: If TFTP is not required, it should not be installed. If TFTP is not installed, this rule is not applicable.
Determine if TFTP server is installed with the following command:
$ sudo dnf list installed | grep tftp-server
tftp-server.x86_64 x.x-x.el8
Verify that the TFTP daemon, if tftp.server is installed, is configured to operate in secure mode with the following command:
$ sudo grep -i execstart /usr/lib/systemd/system/tftp.service
ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
If TFTP is installed and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.
Note: The "-s" option ensures that the TFTP server only serves files from the specified directory, which is a security measure to prevent unauthorized access to other parts of the file system.
Discussion
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
Fix
v2 r1 (left):
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):
server_args = -s /var/lib/tftpboot
v2 r3 (right):
Configure the TFTP daemon to operate in secure mode with the following command:
$ sudo systemctl edit tftp.service
In the editor enter:
[Service]
ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
After making changes, reload the systemd daemon and restart the TFTP service as follows:
$ sudo systemctl daemon-reload
$ sudo systemctl restart tftp.service
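A scripted form of the v2 r3 check, as an added example that is not part of the STIG text. It goes beyond the single grep in the check by evaluating the vendor unit together with any drop-in files, because "systemctl edit" writes an override file rather than changing the unit under /usr/lib. Assumptions: the function names effective_execstart and tftp_secure_mode are hypothetical, and any absolute path argument other than the daemon binary is treated as the served directory.

```shell
#!/bin/sh
# Added example: assess the effective ExecStart of a TFTP unit for secure mode.
# Arguments are the unit file followed by its drop-ins, in the order systemd
# reads them (the vendor unit, then e.g. the override file that
# "systemctl edit" writes). With no arguments the unit text is read from stdin.

# Print the ExecStart values still in effect after all input is read.
# In systemd an empty "ExecStart=" assignment clears the values set before it.
effective_execstart() {
    awk '
        /^[ \t]*ExecStart[ \t]*=/ {
            sub(/^[ \t]*ExecStart[ \t]*=[ \t]*/, "")
            sub(/[ \t]+$/, "")
            if ($0 == "") n = 0; else cmd[++n] = $0
        }
        END { for (i = 1; i <= n; i++) print cmd[i] }
    ' "$@"
}

# Return 0 if in.tftpd runs with -s/--secure and a directory (not a finding),
# 1 if it does not (finding), 2 if the unit cannot be assessed.
tftp_secure_mode() {
    cmds=$(effective_execstart "$@") || return 2
    [ -n "$cmds" ] || return 2
    # A service that is not Type=oneshot may carry only one ExecStart, so a
    # drop-in that adds a second one without clearing the first is not usable.
    [ "$(printf '%s\n' "$cmds" | grep -c .)" -eq 1 ] || return 2
    secure=0 dir=0
    set -f                          # no globbing while word-splitting
    for arg in $cmds; do
        case $arg in
            -s|--secure) secure=1 ;;
            */in.tftpd)  ;;         # the daemon binary itself
            /*)          dir=1 ;;   # assumption: absolute path = served directory
        esac
    done
    set +f
    [ "$secure" -eq 1 ] && [ "$dir" -eq 1 ]
}
```

On a host, "systemctl cat tftp.service | tftp_secure_mode" feeds the function the vendor unit and its drop-ins in the order systemd applies them.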