id: tftp-service-enabled

info:
  name: TFTP Service Should Be Disabled
  author: songyaeji
  severity: info
  description: |
    The tftp service was rarely needed and contained known vulnerabilities that could have been targeted by attackers.It was checked to confirm that the tftp service was properly disabled in the xinetd configuration.
  reference:
    - https://isms.kisa.or.kr
  tags: linux,local,code,audit,compliance,kisas

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      file="/etc/xinetd.d/tftp"
      if [ -f "$file" ]; then
        if grep -q "disable[[:space:]]*=[[:space:]]*yes" "$file"; then
          echo "[SAFE] tftp is disabled."
        else
          echo "[VULNERABLE] tftp is not disabled in $file."
        fi
      else
        echo "[SAFE] tftp service config file not found. Assuming not installed."
      fi
    matchers:
      - type: word
        words:
          - "[VULNERABLE]"
# digest: 490a0046304402207ca25deb7789e6bf0355d2057e97eb454211d418bc137f3d92febb0ec1f8863b02204a9bca89b9b27e6c9987aa23836df6dc1fdd1e7c35c09be66be3b5ed121805ea:922c64590222798bb761d5b6d8e72950