make undercloud tftp server secure
Issue
- The undercloud installs a tftp server for dnsmasq & bounds it to the ctlplane ip, but to do this it installs the tftp rpm (tftp-server-x.x-xx.el7.x86_64) which drops a default tftp server config in /etc/xinetd/ that binds to all IPs.
- iptables is given below rule:
-A INPUT -p udp -m udp --dport 69 -j ACCEPT
Above rule allows access to that default, generic tftp server. This can create a security risk.
Environment
- Red Hat Open Stack 8
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.