Uninstall DHCP Server Package

An XCCDF Rule

Description

If the system does not need to act as a DHCP server, the dhcp package can be uninstalled. The isc-dhcp-server package can be removed with the following command:

$ apt-get remove isc-dhcp-server

Rationale

Removing the DHCP server ensures that it cannot be easily or accidentally reactivated and disrupt network operation.

ID: xccdf_org.ssgproject.content_rule_package_dhcp_removed
Severity: Medium
References: BP28(R1)

11 14 3 9

BAI10.01 BAI10.02 BAI10.03 BAI10.05 DSS05.02 DSS05.05 DSS06.06

CCI-000366

4.3.3.5.1 4.3.3.5.2 4.3.3.5.3 4.3.3.5.4 4.3.3.5.5 4.3.3.5.6 4.3.3.5.7 4.3.3.5.8 4.3.3.6.1 4.3.3.6.2 4.3.3.6.3 4.3.3.6.4 4.3.3.6.5 4.3.3.6.6 4.3.3.6.7 4.3.3.6.8 4.3.3.6.9 4.3.3.7.1 4.3.3.7.2 4.3.3.7.3 4.3.3.7.4 4.3.4.3.2 4.3.4.3.3

SR 1.1 SR 1.10 SR 1.11 SR 1.12 SR 1.13 SR 1.2 SR 1.3 SR 1.4 SR 1.5 SR 1.6 SR 1.7 SR 1.8 SR 1.9 SR 2.1 SR 2.2 SR 2.3 SR 2.4 SR 2.5 SR 2.6 SR 2.7 SR 7.6

A.12.1.2 A.12.5.1 A.12.6.2 A.14.2.2 A.14.2.3 A.14.2.4 A.9.1.2

CM-6(a) CM-7(a) CM-7(b)

PR.IP-1 PR.PT-3

2.2.4

2.2.4
Updated: about 1 year ago


# CAUTION: This remediation script will remove isc-dhcp-server
#	   from the system, and may remove any packages
#	   that depend on isc-dhcp-server. Execute this
#	   remediation AFTER testing on a non-production
#	   system!
DEBIAN_FRONTEND=noninteractive apt-get remove -y "isc-dhcp-server"

- name: Ensure isc-dhcp-server is removed
  package:
    name: isc-dhcp-server
    state: absent
  tags:
  - NIST-800-53-CM-6(a)  - NIST-800-53-CM-7(a)
  - NIST-800-53-CM-7(b)
  - PCI-DSSv4-2.2.4
  - disable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - package_dhcp_removed

include remove_isc-dhcp-server

class remove_isc-dhcp-server {
  package { 'isc-dhcp-server':
    ensure => 'purged',
  }}

Uninstall DHCP Server Package

Description

Rationale

Remediation - Shell Script

Remediation - Ansible

Remediation - Puppet