Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-849 | GEN005120 | SV-35157r1_rule | ECSC-1 | Medium |
Description |
---|
If TFTP has a valid shell, it increases the likelihood that someone could logon to the TFTP account and compromise the system. |
STIG | Date |
---|---|
HP-UX 11.23 Security Technical Implementation Guide | 2014-12-11 |
Check Text ( None ) |
---|
None |
Fix Text (F-31962r1_fix) |
---|
Create a tftp user account if none exists. Assign a non-login shell to the tftp user account, such as /usr/bin/false. Assign/create the tftp user account home directory where/as necessary. Ensure the home directory is owned by the tftp user. |