The tftp daemon must be disabled on AIX.
An XCCDF Rule
Description
The tftp service allows remote systems to download or upload files to the tftp server without any authentication. It is therefore a service that should not run, unless needed. One of the main reasons for requiring this service to be activated is if the host is a NIM master. However, the service can be enabled and then disabled once a NIM operation has completed, rather than left running permanently.
- ID
- SV-215386r958478_rule
- Version
- AIX7-00-003081
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
In "/etc/inetd.conf", comment out the "tftp" entry by running command:
# chsubserver -r inetd -C /etc/inetd.conf -d -v 'tftp' -p 'udp'
Restart inetd:
# refresh -s inetd