2.2.4 Ensure CUPS is not enabled (Scored)
Profile Applicability
Level 1 - Server Level 2 - Workstation
Description
The Common Unix Print System (CUPS) provides the ability to print to both local and network printers. A system running CUPS can also accept print jobs from remote systems and print them to local printers. It also provides a web based remote administration capability.
Rationale
If the system does not need to print jobs or accept print jobs from other systems, it is recommended that CUPS be disabled to reduce the potential attack surface.
Audit
Run the following command to verify cups
is not enabled:
# systemctl is-enabled cups disabled
Verify result is not “enabled”.
Remediation
Run the following command to disable cups
:
# systemctl disable cups
Impact
Disabling CUPS will prevent printing from the system, a common task for workstation systems.
References
More detailed documentation on CUPS is available at the project homepage at http://www.cups.org.