Skip to content

Remove tftp Daemon

An XCCDF Rule

Description

Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot files between systems. TFTP does not support authentication and can be easily hacked. The package tftp is a client program that allows for connections to a tftp server.

Rationale

It is recommended that TFTP be removed, unless there is a specific need for TFTP (such as a boot server). In that case, use extreme caution when configuring the services.

ID
xccdf_org.ssgproject.content_rule_package_tftp_removed
Severity
Low
References
Updated



Remediation - Anaconda Pre-Install Instructions


package --remove=tftp

Remediation - Ansible

- name: Ensure tftp is removed
  package:
    name: tftp
    state: absent
  tags:
  - PCI-DSSv4-2.2.4

Remediation - Puppet

include remove_tftp

class remove_tftp {
  package { 'tftp':
    ensure => 'purged',
  }

Remediation - Shell Script


# CAUTION: This remediation script will remove tftp
#	   from the system, and may remove any packages
#	   that depend on tftp. Execute this
#	   remediation AFTER testing on a non-production
#	   system!