centos7:2:2:5

2.2.5 Ensure DHCP Server is not enabled (Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation

Description

The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses.

Rationale

Unless a system is specifically set up to act as a DHCP server, it is recommended that this service be deleted to reduce the potential attack surface.

Audit

Run the following commands to verify dhcpd is not enabled: 

# systemctl is-enabled dhcpd 
disabled

Verify result is not “enabled”.

Remediation

Run the following command to disable dhcpd: 

# systemctl disable dhcpd

References

More detailed documentation on DHCP is available at http://www.isc.org/software/dhcp.

  • centos7/2/2/5.txt
  • Last modified: 2017/05/04 15:57
  • by 127.0.0.1