STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must be configured so that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon is configured to operate in secure mode.

DISA Rule

SV-204623r603261_rule

Vulnerability Number

V-204623

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-07-040720

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):

server_args = -s /var/lib/tftpboot

Check Contents

Verify the TFTP daemon is configured to operate in secure mode.

Check to see if a TFTP server has been installed with the following commands:

# yum list installed tftp-server
tftp-server.x86_64 x.x-x.el7 rhel-7-server-rpms

If a TFTP server is not installed, this is Not Applicable.

If a TFTP server is installed, check for the server arguments with the following command:

# grep server_args /etc/xinetd.d/tftp
server_args = -s /var/lib/tftpboot

If the "server_args" line does not have a "-s" option and a subdirectory is not assigned, this is a finding.

Vulnerability Number

V-204623

Documentable

False

Rule Version

RHEL-07-040720

Severity Override Guidance

Verify the TFTP daemon is configured to operate in secure mode.

Check to see if a TFTP server has been installed with the following commands:

# yum list installed tftp-server
tftp-server.x86_64 x.x-x.el7 rhel-7-server-rpms

If a TFTP server is not installed, this is Not Applicable.

If a TFTP server is installed, check for the server arguments with the following command:

# grep server_args /etc/xinetd.d/tftp
server_args = -s /var/lib/tftpboot

If the "server_args" line does not have a "-s" option and a subdirectory is not assigned, this is a finding.

Check Content Reference

M

Target Key

2899

Comments