Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Red Hat Enterprise Linux 9 Security Technical Implementation Guide
SRG-OS-000480-GPOS-00227
RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.
RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.
An XCCDF Rule
Details
Profiles
Prose
RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.
High Severity
<VulnDiscussion>Removing the "tftp-server" package decreases the risk of the accidental (or intentional) activation of tftp services. If TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>