STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Oracle Linux 8 Security Technical Implementation Guide

V-248902

CAT II (Medium)

If the Trivial File Transfer Protocol (TFTP) server is required, the OL 8 TFTP daemon must be configured to operate in secure mode.

Rule ID

SV-248902r1106146_rule

STIG

Oracle Linux 8 Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-000366

Discussion

Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.

Check Content

Note: If TFTP is not required, it must not be installed. If TFTP is not installed, this rule is not applicable.

Check to see if TFTP server is installed with the following command:

$ sudo dnf list installed | grep tftp-server 
tftp-server.x86_64 x.x-x.el8

Verify the TFTP daemon, if tftp.server is installed, is configured to operate in secure mode with the following command:

$ grep -i execstart /usr/lib/systemd/system/tftp.service
ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot

Note: The "-s" option ensures the TFTP server only serves files from the specified directory, which is a security measure to prevent unauthorized access to other parts of the file system.

Fix Text

Configure the TFTP daemon to operate in secure mode with the following command:
$ sudo systemctl edit tftp.service

In the editor, enter:
[Service]
ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot

After making changes, reload the systemd daemon and restart the TFTP service as follows:
$ sudo systemctl daemon-reload
$ sudo systemctl restart tftp.service