TFTP Installation Configuration Guide

Install and Configure TFTP Server – Linux

i | P a g e

Overview .................................................................................................................................... 1

Pre-requisites ........................................................................................................................ 1

Validate Package Installation ................................................................................................ 1

Enabling TFTP Server (xinetd/tftp) ............................................................................................ 1

Start xinetd service .................................................................................................................... 1

Status xinetd service .................................................................................................................. 1

Restart xinetd service ................................................................................................................ 2

Copying Firewall Configuration to TFTP Server ......................................................................... 2

Troubleshooting ........................................................................................................................ 2

SELinux Configuration ............................................................................................................ 2

Viewing current SELinux configuration setting ..................................................................... 2

Cause – Denial of writing ....................................................................................................... 3

Install Package .................................................................................................................. 3

Modify Privileges ............................................................................................................... 3

Verify Log File .................................................................................................................... 4

Change the selinux configuration for tftpd ........................................................................... 4

Verify Boolean setting ........................................................................................................... 4

Modify Boolean setting ......................................................................................................... 4

Re-initiate Copying ................................................................................................................ 5

Verify Configuration file on TFTP Server ........................................................................... 5

Connect to TFTP Server Via TFTP Client – Non interactive Mode ............................................. 6

Connect to TFTP Server via TFTP Client – Interactive Mode ..................................................... 6


1 | P a g e

Overview

Trivial File Transport Protocol (TFTP) is a very simple file transfer protocol, with the functionality of a very basic form of FTP; it was first defined in 1980. TFTPD service listens on UDP Port “69”. In this guide we are installing TFTP server with SELinux Enabled.

Pre-requisites

TFTP Client tftp-0.42-3.1.el5.centos.rpm

TFTP Server tftp-server-0.42-3.1.el5.centos.rpm

xinetd (Super Server) – Optional if it is already installed.

xinetd-2.3.14-10.el5.rpm

Validate Package Installation

To check whether xinetd-2.3.14-10.el5.rpm package is already, run the below command

rpm -qa | grep xinetd

Enabling TFTP Server (xinetd/tftp)

To enable see the screenshot below, edit the TFTP Server edit the file….

Set the value of “disable = no”, as shown below:

vi /etc/xinetd.d/tftp

Start xinetd service

To start xinetd service, execute the below command

service xinetd start

Status xinetd service

In order to know the status the of xinetd service, execute the below command

service xinetd status


2 | P a g e

Restart xinetd service

To restart xinetd service, execute the below command

service xinetd restart

Copying Firewall Configuration to TFTP Server

In the following screenshot, copying the running-config to the tftp server has been denied, which is highlighted.

Troubleshooting

SELinux Configuration

First of all we need to check whether the SELINUXTYPE is set to “targeted” or “disabled”, if SELINUXTYPE is set to “targeted”.

Viewing current SELinux configuration setting

less /etc/sysconfig/selinux

see the screenshot, currently SELINUXTYPE is set to “targeted” which is highlighted below:


3 | P a g e

Cause – Denial of writing

Install Package

Download and install “setroubleshoot” package in order to get the selinux related error messages to “/var/log/messages”, To install run below command

yum install setrouble*

Modify Privileges

For instance, if you want to get/put the file ciscoasafilewall.config then be sure that “/tftpboot/ciscoasafilewall.config” exists and the permissions are set to world writeable and readable 666. For example, consider the following:

touch ciscoasafirewall.config

chmod 666 ciscoasafirewall.config

ls -l /tftpboot/ciscoasafirewall.config


4 | P a g e

Verify Log File

If the above packages are installed successfully, you will see the below messages in “/var/log/messages”. To verify the reason for denial of firewall configuration file writing “ciscoasafirewall.config”, “tail /var/log/messages”, see the highlighted message. “SELinux is preventing in.tfptd (tftpd daemon)“, for more info you can run the command from the bash prompt “sealert -l <Unique code>” which is highlighted.

Change the selinux configuration for tftpd

After running the command “sealert -l 13d5c5dd-efbf-47bf-96fa-9743b129aa25”, verify “Allowing Access:” details.

Verify Boolean setting

Execute the below command, to know the current setting on tftpd

getsebool –a | grep tftpd

Modify Boolean setting

We need to change the SELinux configuration for tftpd service to accept connection, because it is currently disabled.

Run the below command, to change the current setting on tftpd

setsebool -P tftpd_disable_trans=1


5 | P a g e

Re-initiate Copying

After making necessary changes to the selinux configuration, start copying the firewall configuration.

Note: In this case the file gets copied successfully.

Verify Configuration file on TFTP Server

In the below screenshot


6 | P a g e

Connect to TFTP Server Via TFTP Client – Non interactive Mode

In order to use tftp client you need to install “tftp-0.42-3.1.el5.centos.rpm” package, screenshot below is to get the “ciscoasafirewall.config” file in an non-interactive mode execute the below command:

tftp 192.168.2.14 -c get ciscoasafirewall.config This command will get the file from tftpserver and store it in the current working directory.

Connect to TFTP Server via TFTP Client – Interactive Mode

In order to use tftp in interactive mode, screenshot below is to get the “ciscoasafirewall.config” file in an interactive mode execute the below command:

tftp

get ciscoasafirewall.config

quit

Technology

TFTP Installation Configuration Guide