STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode.

DISA Rule

SV-230557r627750_rule

Vulnerability Number

V-230557

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-08-040350

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):

server_args = -s /var/lib/tftpboot

Check Contents

Verify the TFTP daemon is configured to operate in secure mode with the following commands:

$ sudo yum list installed tftp-server

tftp-server.x86_64 x.x-x.el8

If a TFTP server is not installed, this is Not Applicable.

If a TFTP server is installed, check for the server arguments with the following command:

$ sudo grep server_args /etc/xinetd.d/tftp

server_args = -s /var/lib/tftpboot

If the "server_args" line does not have a "-s" option, and a subdirectory is not assigned, this is a finding.

Vulnerability Number

V-230557

Documentable

False

Rule Version

RHEL-08-040350

Severity Override Guidance

Verify the TFTP daemon is configured to operate in secure mode with the following commands:

$ sudo yum list installed tftp-server

tftp-server.x86_64 x.x-x.el8

If a TFTP server is not installed, this is Not Applicable.

If a TFTP server is installed, check for the server arguments with the following command:

$ sudo grep server_args /etc/xinetd.d/tftp

server_args = -s /var/lib/tftpboot

If the "server_args" line does not have a "-s" option, and a subdirectory is not assigned, this is a finding.

Check Content Reference

M

Target Key

2921

Comments