ubuntu1604:2:2:5

2.2.5 Ensure DHCP Server is not enabled (Scored)

Profile Applicability

Level 1 - Server
Level 1 - Workstation

Description

The Dynamic Host Configuration Protocol (DHCP) is a service that allows machines to be dynamically assigned IP addresses.

Rationale

Unless a system is specifically set up to act as a DHCP server, it is recommended that this service be deleted to reduce the potential attack surface.

Audit

Run the following commands to verify dhcpd is not enabled: 

# systemctl is-enabled isc-dhcp-server 
disabled 
# systemctl is-enabled isc-dhcp-server6 
disabled

Verify result is not “enabled”.

Remediation

Run the following command to disable dhcpd: 

# systemctl disable isc-dhcp-server 
# systemctl disable isc-dhcp-server6

References

More detailed documentation on DHCP is available at http://www.isc.org/software/dhcp.

  • ubuntu1604/2/2/5.txt
  • Last modified: 2017/05/02 11:24
  • by Piotr Kłoczewski