{"description": "Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol,\ntypically used to automatically transfer configuration or boot files between systems.\nTFTP does not support authentication and can be easily hacked. The package\n<tt>tftp</tt> is a client program that allows for connections to a <tt>tftp</tt> server.", "rationale": "It is recommended that TFTP be removed, unless there is a specific need\nfor TFTP (such as a boot server). In that case, use extreme caution when configuring\nthe services.", "severity": "low", "references": {"srg": ["SRG-OS-000074-GPOS-00042"], "anssi": ["R62"], "pcidss4": ["2.2.4", "2.2"]}, "control_references": {"anssi": ["R62"], "pcidss4": ["2.2.4", "2.2"]}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": "The <code>tftp</code> package can be removed with the following command: <pre> $ apt-get remove tftp</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must not have the tftp package installed.", "vuldiscussion": "It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities are often overlooked and therefore, may remain insecure. They increase the risk to the platform by providing additional attack vectors.\n\nIf TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.", "checktext": "Verify that the tftp package is not installed with the following command:\n\n$ dnf list --installed tftp\n\nError: No matching Packages to list\n\nIf the \"tftp\" package is installed, this is a finding.", "fixtext": "Remove the tftp package with the following command:\n\n$ sudo dnf remove tftp"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Remove tftp Daemon", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml", "template": {"name": "package_removed", "vars": {"pkgname": "tftp"}, "backends": {}}}