STIGQter STIGQter: STIG Summary: Canonical Ubuntu 16.04 Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jan 2020: If the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon must be configured to operate in secure mode.

DISA Rule

SV-90579r1_rule

Vulnerability Number

V-75899

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

UBTU-16-030730

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Trivial File Transfer Protocol (TFTP) daemon to operate in the secure mode by adding the "--secure" option to TFTP_OPTIONS in /etc/default/tftpd-hpa and restart the tftpd daemon.

Check Contents

Verify the Trivial File Transfer Protocol (TFTP) daemon is configured to operate in secure mode.

Check to see if a TFTP server has been installed with the following commands:

# dpkg -l | grep tftpd-hpa
ii tftpd-hpa 5.2+20150808-1Ubuntu1.16.04.1
If a TFTP server is not installed, this is Not Applicable.

If a TFTP server is installed, check for the server arguments with the following command:

# grep TFTP_OPTIONS /etc/default/tftpd-hpa
TFTP_OPTIONS="--secure"

If "--secure" is not listed in the TFTP_OPTIONS, this is a finding.

Vulnerability Number

V-75899

Documentable

False

Rule Version

UBTU-16-030730

Severity Override Guidance

Verify the Trivial File Transfer Protocol (TFTP) daemon is configured to operate in secure mode.

Check to see if a TFTP server has been installed with the following commands:

# dpkg -l | grep tftpd-hpa
ii tftpd-hpa 5.2+20150808-1Ubuntu1.16.04.1
If a TFTP server is not installed, this is Not Applicable.

If a TFTP server is installed, check for the server arguments with the following command:

# grep TFTP_OPTIONS /etc/default/tftpd-hpa
TFTP_OPTIONS="--secure"

If "--secure" is not listed in the TFTP_OPTIONS, this is a finding.

Check Content Reference

M

Target Key

3075

Comments