Details
The operating system must not have the Trivial File Transfer Protocol (TFTP) server package installed if not required for operational support.
Rationale:
If TFTP is required for operational support (such as the transmission of router configurations) its use must be documented with the Information System Security Officer (ISSO), restricted to only authorized personnel, and have access control rules established.
Solution
Remove the TFTP package from the system with the following command:
# yum remove tftp-server
Notes:
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-72301
Rule ID: SV-86925r2_rule
STIG ID: RHEL-07-040700
Severity: CAT I
Supportive Information
The following resource is also helpful.
This control applies to the following type of system Unix.