STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Oracle Linux 9 Security Technical Implementation Guide

V-271463

CAT I (High)

OL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.

Rule ID

SV-271463r1184172_rule

STIG

Oracle Linux 9 Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-000366

Discussion

Removing the "tftp-server" package decreases the risk of the accidental (or intentional) activation of tftp services. If TFTP is required for operational support (such as transmission of router configurations), its use must be documented with the information systems security manager (ISSM), restricted to only authorized personnel, and have access control rules established.

Check Content

Verify OL 9 does not have a tftp server package installed with the following command:

$ dnf list --installed | grep tftp-server

If the "tftp-server" package is installed, this is a finding.

Fix Text

Remove the tftp-server package with the following command:

$ sudo dnf remove tftp-server