Remove tftp Daemon

An XCCDF Rule

Description

Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol, typically used to automatically transfer configuration or boot files between systems. TFTP does not support authentication and can be easily hacked. The package tftp is a client program that allows for connections to a tftp server.

Rationale

It is recommended that TFTP be removed, unless there is a specific need for TFTP (such as a boot server). In that case, use extreme caution when configuring the services.

ID: xccdf_org.ssgproject.content_rule_package_tftp_removed
Severity: Low
References: BP28(R1)

CCE-91465-5

2.2.4
Updated: about 1 year ago

- name: Ensure tftp is removed
  package:
    name: tftp
    state: absent
  tags:
  - CCE-91465-5  - PCI-DSSv4-2.2.4
  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_tftp_removed

include remove_tftp

class remove_tftp {
  package { 'tftp':
    ensure => 'purged',
  }}


# CAUTION: This remediation script will remove tftp
#	   from the system, and may remove any packages
#	   that depend on tftp. Execute this
#	   remediation AFTER testing on a non-production
#	   system!
zypper remove -y "tftp"

Remove tftp Daemon

Description

Rationale

Remediation - Ansible

Remediation - Puppet

Remediation - Shell Script