Skip to content

Disable Quagga Service

An XCCDF Rule

Description

The zebra service can be disabled with the following command:

$ sudo systemctl mask --now zebra.service

Rationale

Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If routing daemons are used when not required, system network information may be unnecessarily transmitted across the network.

ID
xccdf_org.ssgproject.content_rule_service_zebra_disabled
Severity
Medium
References
Updated



Remediation - OS Build Blueprint


[customizations.services]
disabled = ["zebra"]

Remediation - Puppet

include disable_zebra

class disable_zebra {
  service {'zebra':
    enable => false,
    ensure => 'stopped',

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'zebra.service'
"$SYSTEMCTL_EXEC" disable 'zebra.service'

Remediation - Kubernetes Patch

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0

Remediation - Ansible

- name: Block Disable service zebra
  block:

  - name: Disable service zebra
    block: