Remove tftp Daemon

An XCCDF Rule

Description

Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot files between systems. TFTP does not support authentication and is therefore easy to compromise. The tftp package is a client program that allows connections to a TFTP server.

Rationale

It is recommended that TFTP be removed, unless there is a specific need for TFTP (such as a boot server). In that case, use extreme caution when configuring the services.

ID
xccdf_org.ssgproject.content_rule_package_tftp_removed
Severity
Low

Remediation Templates

An Ansible Snippet

- name: Ensure tftp is removed
  package:
    name: tftp
    state: absent
  tags:
  - PCI-DSSv4-2.2

script:kickstart

package remove tftp

script:bootc

dnf remove tftp

A Puppet Snippet

include remove_tftp
class remove_tftp {
  package { 'tftp':
    ensure => 'purged',
  }
}

Anaconda Pre-Install Instructions

package --remove=tftp

A Shell Script

# CAUTION: This remediation script will remove tftp
#	   from the system, and may remove any packages
#	   that depend on tftp. Execute this
#	   remediation AFTER testing on a non-production
#	   system!