2.1.16 Ensure tftp server services are not in use

Information

Trivial File Transfer Protocol (TFTP) is a simple protocol for exchanging files between two TCP/IP machines. TFTP servers allow connections from a TFTP Client for sending and receiving files.

Unless there is a need to run the system as a TFTP server, it is recommended that the package be removed to reduce the potential attack surface.

TFTP does not have built-in encryption, access control or authentication. This makes it very easy for an attacker to exploit TFTP to gain access to files

Solution

Run the following commands to stop tftpd-hpa.service and remove the tftpd-hpa package:

# systemctl stop tftpd-hpa.service
# apt purge tftpd-hpa

- OR -

- IF - the tftpd-hpa package is required as a dependency:

Run the following commands to stop and mask tftpd-hpa.service :

# systemctl stop tftpd-hpa.service
# systemctl mask tftpd-hpa.service

Impact:

TFTP is often used to provide files for network booting such as for PXE based installation of servers.

There may be packages that are dependent on the tftpd-hpa package. If the tftpd-hpa package is removed, these dependent packages will be removed as well. Before removing the tftpd-hpa package, review any dependent packages to determine if they are required on the system.

- IF - a dependent package is required: stop and mask tftpd-hpa.service leaving the tftpd-hpa package installed.

See Also

https://workbench.cisecurity.org/benchmarks/17045

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: 2f513e1f8ecff50c62bc478719146f4dbf186a74c449e8490f1aec098793a633