このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Description
Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol,
typically used to automatically transfer configuration or boot files between systems.
TFTP does not support authentication and can be easily hacked. The package
tftp
is a client program that allows for connections to a tftp
server.
Rationale
It is recommended that TFTP be removed, unless there is a specific need
for TFTP (such as a boot server). In that case, use extreme caution when configuring
the services.
Shell script
The following script can be run on the host to remediate the issue.
#!/bin/bash
# CAUTION: This remediation script will remove tftp
# from the system, and may remove any packages
# that depend on tftp. Execute this
# remediation AFTER testing on a non-production
# system!
if rpm -q --quiet "tftp" ; then
yum remove -y "tftp"
fi
Ansible playbook
The following playbook can be run with Ansible to remediate the issue.
- name: Ensure tftp is removed
package:
name: tftp
state: absent
tags:
- CCE-80443-5
- PCI-DSSv4-2.2.4
- disable_strategy
- low_complexity
- low_disruption
- low_severity
- no_reboot_needed
- package_tftp_removed