GEN005120 - The TFTP daemon must be configured to vendor specs including a home directory owned by the TFTP user - 'tftp user exists'

Information

If TFTP has a valid shell, it increases the likelihood of someone logging to the TFTP account and compromising the system.

Solution

Create a TFTP user account if none exists.
Assign a non-login shell to the TFTP user account, such as /bin/false.
Assign a home directory to the TFTP user account.

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-849, Rule-ID|SV-849r2_rule, STIG-ID|GEN005120, Vuln-ID|V-849

Plugin: Unix

Control ID: 254654e19968ec68b79ce754acf96c56b7af31f0a0d3b619a9ec0fa0990a14ac