1. Install and Configure TFTP Server – Linux
i | P a g e
Overview.................................................................................................................................... 1
Pre-requisites ........................................................................................................................ 1
Validate Package Installation ................................................................................................ 1
Enabling TFTP Server (xinetd/tftp) ............................................................................................ 1
Start xinetd service.................................................................................................................... 1
Status xinetd service.................................................................................................................. 1
Restart xinetd service................................................................................................................ 2
Copying Firewall Configuration to TFTP Server......................................................................... 2
Troubleshooting ........................................................................................................................ 2
SELinux Configuration............................................................................................................ 2
Viewing current SELinux configuration setting ..................................................................... 2
Cause – Denial of writing....................................................................................................... 3
Install Package .................................................................................................................. 3
Modify Privileges............................................................................................................... 3
Verify Log File .................................................................................................................... 4
Change the selinux configuration for tftpd........................................................................... 4
Verify Boolean setting ........................................................................................................... 4
Modify Boolean setting ......................................................................................................... 4
Re-initiate Copying ................................................................................................................ 5
Verify Configuration file on TFTP Server ........................................................................... 5
Connect to TFTP Server Via TFTP Client – Non interactive Mode............................................. 6
Connect to TFTP Server via TFTP Client – Interactive Mode..................................................... 6
2. Install and Configure TFTP Server – Linux
1 | P a g e
Overview
Trivial File Transport Protocol (TFTP) is a very simple file transfer protocol, with the
functionality of a very basic form of FTP; it was first defined in 1980. TFTPD service listens on
UDP Port “69”. In this guide we are installing TFTP server with SELinux Enabled.
Pre-requisites
TFTP Client tftp-0.42-3.1.el5.centos.rpm
TFTP Server tftp-server-0.42-3.1.el5.centos.rpm
xinetd (Super Server) – Optional if it is already
installed.
xinetd-2.3.14-10.el5.rpm
Validate Package Installation
To check whether xinetd-2.3.14-10.el5.rpm package is already, run the below command
rpm -qa | grep xinetd
Enabling TFTP Server (xinetd/tftp)
To enable see the screenshot below, edit the TFTP Server edit the file….
Set the value of “disable = no”, as shown below:
vi /etc/xinetd.d/tftp
Start xinetd service
To start xinetd service, execute the below command
service xinetd start
Status xinetd service
In order to know the status the of xinetd service, execute the below command
service xinetd status
3. Install and Configure TFTP Server – Linux
2 | P a g e
Restart xinetd service
To restart xinetd service, execute the below command
service xinetd restart
Copying Firewall Configuration to TFTP Server
In the following screenshot, copying the running-config to the tftp server has been denied,
which is highlighted.
Troubleshooting
SELinux Configuration
First of all we need to check whether the SELINUXTYPE is set to “targeted” or “disabled”, if
SELINUXTYPE is set to “targeted”.
Viewing current SELinux configuration setting
less /etc/sysconfig/selinux
see the screenshot, currently SELINUXTYPE is set to “targeted” which is highlighted below:
4. Install and Configure TFTP Server – Linux
3 | P a g e
Cause – Denial of writing
Install Package
Download and install “setroubleshoot” package in order to get the selinux related error
messages to “/var/log/messages”, To install run below command
yum install setrouble*
Modify Privileges
For instance, if you want to get/put the file ciscoasafilewall.config then be sure that
“/tftpboot/ciscoasafilewall.config” exists and the permissions are set to world writeable and
readable 666. For example, consider the following:
touch ciscoasafirewall.config
chmod 666 ciscoasafirewall.config
ls -l /tftpboot/ciscoasafirewall.config
5. Install and Configure TFTP Server – Linux
4 | P a g e
Verify Log File
If the above packages are installed successfully, you will see the below messages in
“/var/log/messages”. To verify the reason for denial of firewall configuration file writing
“ciscoasafirewall.config”, “tail /var/log/messages”, see the highlighted message. “SELinux is
preventing in.tfptd (tftpd daemon)“, for more info you can run the command from the bash
prompt “sealert -l <Unique code>” which is highlighted.
Change the selinux configuration for tftpd
After running the command “sealert -l 13d5c5dd-efbf-47bf-96fa-9743b129aa25”, verify
“Allowing Access:” details.
Verify Boolean setting
Execute the below command, to know the current setting on tftpd
getsebool –a | grep tftpd
Modify Boolean setting
We need to change the SELinux configuration for tftpd service to accept connection, because
it is currently disabled.
Run the below command, to change the current setting on tftpd
setsebool -P tftpd_disable_trans=1
6. Install and Configure TFTP Server – Linux
5 | P a g e
Re-initiate Copying
After making necessary changes to the selinux configuration, start copying the firewall
configuration.
Note: In this case the file gets copied successfully.
Verify Configuration file on TFTP Server
In the below screenshot
7. Install and Configure TFTP Server – Linux
6 | P a g e
Connect to TFTP Server Via TFTP Client – Non interactive Mode
In order to use tftp client you need to install “tftp-0.42-3.1.el5.centos.rpm” package,
screenshot below is to get the “ciscoasafirewall.config” file in an non-interactive mode
execute the below command:
tftp 192.168.2.14 -c get ciscoasafirewall.config This command will get the file from
tftpserver and store it in the current working directory.
Connect to TFTP Server via TFTP Client – Interactive Mode
In order to use tftp in interactive mode, screenshot below is to get the
“ciscoasafirewall.config” file in an interactive mode execute the below command:
tftp
get ciscoasafirewall.config
quit