1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
documentation_complete: true
prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15
title: 'Remove tftp Daemon'
description: |-
Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol,
typically used to automatically transfer configuration or boot files between systems.
TFTP does not support authentication and can be easily hacked. The package
<tt>tftp</tt> is a client program that allows for connections to a <tt>tftp</tt> server.
rationale: |-
It is recommended that TFTP be removed, unless there is a specific need
for TFTP (such as a boot server). In that case, use extreme caution when configuring
the services.
severity: low
identifiers:
cce@rhel7: CCE-80443-5
cce@rhel8: CCE-83590-0
cce@rhel9: CCE-84153-6
cce@sle12: CCE-91465-5
cce@sle15: CCE-91158-6
references:
anssi: BP28(R1)
cis@rhel8: 2.3.6
ocil: '{{{ describe_package_remove(package="tftp") }}}'
template:
name: package_removed
vars:
pkgname: tftp
|
