STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The TFTP daemon must operate in secure mode which provides access only to a single directory on the host file system.

DISA Rule

SV-227865r603266_rule

Vulnerability Number

V-227865

Group Title

SRG-OS-000480

Rule Version

GEN005080

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit /etc/inet/inetd.conf and add the -s parameter to TFTPD.
# inetconv

OR

Update the SMF entry for the TFTP daemon.
# svccfg -s tftp/udp6 setprop inetd_start/exec = "astring:\"/usr/sbin/in.tftpd -s <other TFTPD options>\""

Check Contents

Determine if TFTPD is running in secure mode.

# grep tftp /etc/inet/inetd.conf
OR
# svccfg -s tftp/udp6 listprop |grep in.tftpd |grep exec

If any returned service line does not use the -s parameter to TFTPD, this is a finding. If TFTP is not installed this check is not applicable.

Vulnerability Number

V-227865

Documentable

False

Rule Version

GEN005080

Severity Override Guidance

Determine if TFTPD is running in secure mode.

# grep tftp /etc/inet/inetd.conf
OR
# svccfg -s tftp/udp6 listprop |grep in.tftpd |grep exec

If any returned service line does not use the -s parameter to TFTPD, this is a finding. If TFTP is not installed this check is not applicable.

Check Content Reference

M

Target Key

4061

Comments