If the Trivial File Transfer Protocol (TFTP) server is required, the TOSS TFTP daemon must be configured to operate in secure mode.

An XCCDF Rule

Description

Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.

ID: SV-253102r991589_rule
Version: TOSS-04-040600
Severity: Medium
References: CCI-000366
Updated: 26 days ago

Remediation Templates

Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):

server_args = -s /var/lib/tftpboot