2.2.5 Ensure DHCP Server is not enabled (Scored)
Profile Applicability
Level 1 - Server Level 1 - Workstation
Description
The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses.
Rationale
Unless a system is specifically set up to act as a DHCP server, it is recommended that this service be deleted to reduce the potential attack surface.
Audit
Run the following commands to verify dhcpd
is not enabled:
# systemctl is-enabled dhcpd disabled
Verify result is not “enabled”.
Remediation
Run the following command to disable dhcpd
:
# systemctl disable dhcpd
References
More detailed documentation on DHCP is available at http://www.isc.org/software/dhcp.