Uninstall dnsmasq Package

An XCCDF Rule

Description

dnsmasq is a lightweight tool that provides DNS caching, DNS forwarding and DHCP (Dynamic Host Configuration Protocol) services.
The dnsmasq package can be removed with the following command:

$ sudo yum erase dnsmasq

Rationale

Unless a system is specifically designated to act as a DNS caching, DNS forwarding and/or DHCP server, it is recommended that the package be removed to reduce the potential attack surface.

ID
xccdf_org.ssgproject.content_rule_package_dnsmasq_removed
Severity
Low
References
Updated



Remediation - Anaconda Pre-Install Instructions


package --remove=dnsmasq

Remediation - Ansible

- name: Ensure dnsmasq is removed
  package:
    name: dnsmasq
    state: absent
  tags:
  - CCE-90761-8

Remediation - Puppet

include remove_dnsmasq

class remove_dnsmasq {
  package { 'dnsmasq':
    ensure => 'purged',
  }
}

Remediation - Shell Script


# CAUTION: This remediation script will remove dnsmasq
#	   from the system, and may remove any packages
#	   that depend on dnsmasq. Execute this
#	   remediation AFTER testing on a non-production
#	   system!
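
The caution above concerns packages that depend on dnsmasq, and the rationale exempts hosts designated as DNS or DHCP servers. The following is an added example, not part of the original rule or the project's remediation: a read-only check that reports both conditions before anything is removed. RPM_CMD and SYSTEMCTL_CMD are hypothetical override variables introduced here so the logic can be run against stubs; they default to the real tools.

```shell
#!/bin/sh
# Added example (not project code): read-only pre-removal audit for dnsmasq.
# RPM_CMD and SYSTEMCTL_CMD are hypothetical override variables so the logic
# can be exercised against stubs; they default to the real tools.
RPM_CMD=${RPM_CMD:-rpm}
SYSTEMCTL_CMD=${SYSTEMCTL_CMD:-systemctl}

# True when the dnsmasq package is in the RPM database.
dnsmasq_installed() {
    "$RPM_CMD" -q dnsmasq >/dev/null 2>&1
}

# Print installed packages that declare a requirement on the "dnsmasq"
# capability; these are what a removal may take with it.
dnsmasq_dependents() {
    "$RPM_CMD" -q --whatrequires dnsmasq 2>/dev/null |
        grep -v '^no package requires'
}

# Returns 0 = rule passes, 1 = package present (findings printed),
# 2 = cannot decide because the rpm tool is unavailable.
dnsmasq_audit() {
    if ! command -v "$RPM_CMD" >/dev/null 2>&1; then
        echo "ERROR: $RPM_CMD not found; cannot evaluate rule"
        return 2
    fi
    if ! dnsmasq_installed; then
        echo "PASS: dnsmasq is not installed"
        return 0
    fi
    echo "FAIL: dnsmasq is installed"
    audit_deps=$(dnsmasq_dependents) || true
    if [ -n "$audit_deps" ]; then
        echo "REVIEW: packages that require dnsmasq:"
        echo "$audit_deps" | sed 's/^/  /'
    fi
    if "$SYSTEMCTL_CMD" is-active --quiet dnsmasq 2>/dev/null; then
        echo "REVIEW: dnsmasq.service is active; confirm the host is not a designated DNS/DHCP server"
    fi
    return 1
}
```

Source the file and call dnsmasq_audit; a return status of 1 with REVIEW lines means the removal should be tested on a non-production system first, as the caution says.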