If the Trivial File Transfer Protocol (TFTP) server is required, the OL 8 TFTP daemon must be configured to operate in secure mode.
An XCCDF Rule
Description
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
- ID
- SV-248902r991589_rule
- Version
- OL08-00-040350
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):
server_args = -s /var/lib/tftpboot