The Oracle Linux operating system must be configured so that if the Trivial File Transfer Protocol (TFTP) server is required, the TFTP daemon is configured to operate in secure mode.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-221887 | SRG-OS-000480-GPOS-00227 | OL07-00-040720 | SV-221887r991589_rule | 2025-05-08 | 3 |
Description
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
ℹ️ Check
Verify the TFTP daemon is configured to operate in secure mode.
Check to see if a TFTP server has been installed with the following commands:
# yum list installed tftp-server
tftp-server.x86_64 x.x-x.el7
If a TFTP server is not installed, this is Not Applicable.
If a TFTP server is installed, check for the server arguments with the following command:
# grep server_args /etc/xinetd.d/tftp
server_args = -s /var/lib/tftpboot
If the "server_args" line does not have a "-s" option and a subdirectory is not assigned, this is a finding.
✔️ Fix
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):
server_args = -s /var/lib/tftpboot