STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 2 Release: 6 Benchmark Date: 24 Jan 2020: The Red Hat Enterprise Linux operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support.

DISA Rule

SV-86925r2_rule

Vulnerability Number

V-72301

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

RHEL-07-040700

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Remove the TFTP package from the system with the following command:

# yum remove tftp-server

Check Contents

Verify a TFTP server has not been installed on the system.

Check to see if a TFTP server has been installed with the following command:

# yum list installed tftp-server
tftp-server-0.49-9.el7.x86_64.rpm

If TFTP is installed and the requirement for TFTP is not documented with the ISSO, this is a finding.

Vulnerability Number

V-72301

Documentable

False

Rule Version

RHEL-07-040700

Severity Override Guidance

Verify a TFTP server has not been installed on the system.

Check to see if a TFTP server has been installed with the following command:

# yum list installed tftp-server
tftp-server-0.49-9.el7.x86_64.rpm

If TFTP is installed and the requirement for TFTP is not documented with the ISSO, this is a finding.

Check Content Reference

M

Target Key

2777

Comments