Skip to content

Disable Avahi Server Software

An XCCDF Rule

Description

The avahi-daemon service can be disabled with the following command:

$ sudo systemctl mask --now avahi-daemon.service

Rationale

Because the Avahi daemon service keeps an open network port, it is subject to network attacks. Its functionality is convenient but is only appropriate if the local network can be trusted.

ID
xccdf_org.ssgproject.content_rule_service_avahi-daemon_disabled
Severity
Medium
References
Updated



Remediation - OS Build Blueprint


[customizations.services]
disabled = ["avahi-daemon"]

Remediation - Puppet

include disable_avahi-daemon

class disable_avahi-daemon {
  service {'avahi-daemon':
    enable => false,
    ensure => 'stopped',

Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - NIST-800-53-CM-6(a)
  - NIST-800-53-CM-7(a)