2.2.16 Ensure tftp server services are not in use

Information

Trivial File Transfer Protocol (TFTP) is a simple protocol for exchanging files between two TCP/IP machines. TFTP servers allow connections from a TFTP Client for sending and receiving files.

Unless there is a need to run the system as a TFTP server, it is recommended that the package be removed to reduce the potential attack surface.

TFTP does not have built-in encryption, access control or authentication. This makes it very easy for an attacker to exploit TFTP to gain access to files

Solution

Run the following commands to stop tftp.socket and tftp.service and remove the tftp-server package:

# systemctl stop tftp.socket tftp.service
# yum remove tftp-server

-OR-

-IF- the tftp-server package is required as a dependency:

Run the following commands to stop and mask tftp.socket and tftp.service :

# systemctl stop tftp.socket tftp.service
# systemctl mask tftp.socket tftp.service

Impact:

TFTP is often used to provide files for network booting such as for PXE based installation of servers.

There may be packages that are dependent on the tftp-server package. If the tftp-server package is removed, these dependent packages will be removed as well. Before removing the tftp-server package, review any dependent packages to determine if they are required on the system.

-IF- a dependent package is required: stop and mask the tftp.socket and tftp.service leaving the tftp-server package installed.

See Also

https://workbench.cisecurity.org/benchmarks/15965

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.2

Plugin: Unix

Control ID: ee688d43b44a796f95cef3745118a547e11564f386808931f56faa14a1129e8c