2.2.4 Ensure CUPS is not enabled (Scored)

Level 1 - Server
Level 2 - Workstation 

The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.

If the system does not need to print jobs or accept print jobs from other systems, it is recommended that CUPS be disabled to reduce the potential attack surface.

Run the following command to verify cups is not enabled:

# systemctl is-enabled cups 
disabled

Verify result is not “enabled”.

Run the following command to disable cups:

# systemctl disable cups

Disabling CUPS will prevent printing from the system, a common task for workstation systems.

More detailed documentation on CUPS is available at the project homepage at http://www.cups.org.

  • ubuntu1604/2/2/4.txt
  • Last modified: 2017/05/06 18:02
  • by 127.0.0.1