
If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.

An XCCDF Rule

Description

Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files. Using the "-s" option causes the TFTP service to only serve files from the given directory.
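As an added illustration of this requirement (not part of the STIG text), the shell functions below check a unit's effective ExecStart line for the "-s" option and reject "/" as the served directory. The function names, the sample unit text, the /usr/sbin/in.tftpd path and the /srv/tftp directory are assumptions made for the example; "--secure" is the long spelling of "-s" in in.tftpd.

```shell
#!/bin/sh
# Added example (not STIG text): audit tftp.service for in.tftpd secure mode.
# Assumption: the served directory is the last argument of ExecStart.

# Print the effective ExecStart from unit text on stdin. An empty "ExecStart="
# in a drop-in clears earlier values, so the last assignment wins.
effective_execstart() {
    awk '/^[ \t]*ExecStart=/ { sub(/^[^=]*=/, ""); cmd = $0 } END { print cmd }'
}

# Lexically resolve "." and ".." so that "/var/.." is recognised as "/".
normalize_dir() {
    printf '%s\n' "$1" | awk -F/ '{
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "" || $i == ".") continue
            if ($i == "..") { if (n > 0) n--; continue }
            seg[++n] = $i
        }
        path = ""; for (i = 1; i <= n; i++) path = path "/" seg[i]
        print (n ? path : "/")
    }'
}

# Succeed only if -s/--secure is present and the directory is not "/".
# Clustered short options (e.g. -cs) are not recognised and fail the check.
tftp_secure_mode_ok() {
    local word dir secure=0
    set -f; set -- $1; set +f                 # split on whitespace, no globbing
    [ "$#" -ge 3 ] || return 1                # daemon, option, directory
    shift                                     # drop the daemon path
    for word in "$@"; do
        case $word in -s|--secure) secure=1 ;; esac
        dir=$word                             # ends as the last argument
    done
    [ "$secure" -eq 1 ] || return 1
    case $dir in /*) ;; *) return 1 ;; esac   # must be an absolute path
    [ "$(normalize_dir "$dir")" != "/" ]
}

# Constructed sample: a unit without -s, then a drop-in that resets ExecStart.
# /srv/tftp is a hypothetical directory. On a host: systemctl cat tftp.service
sample_unit='[Service]
ExecStart=/usr/sbin/in.tftpd /srv/tftp
[Service]
ExecStart=
ExecStart=/usr/sbin/in.tftpd -s /srv/tftp'
cmd=$(printf '%s\n' "$sample_unit" | effective_execstart)
if tftp_secure_mode_ok "$cmd"; then echo "PASS: $cmd"; else echo "FAIL: $cmd"; fi
```

The check is lexical only: it does not follow symbolic links, so a directory that is a link to "/" still passes.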

ID
SV-269272r1050154_rule
Version
ALMA-09-021690
Severity
Medium

Remediation Templates

A Manual Procedure

Configure the TFTP daemon to operate in secure mode with the following command:

$ systemctl edit tftp.service

Insert the following between the two sets of comments, making sure to add the "-s" option with a directory other than the root ("/") directory.