Skip to content

2.1.14 Ensure samba file server services are not in use

Audit#

Run the following command to verify samba is not installed: 

# dpkg-query -s samba &>/dev/null && echo "samba is installed"
Nothing should be returned.

- OR - - IF - the package is required for dependencies: Run the following command to verify smbd.service is not enabled: 

# systemctl is-enabled smbd.service 2>/dev/null | grep 'enabled'
Nothing should be returned.

Run the following command to verify the smbd.service is not active: 

# systemctl is-active smbd.service 2>/dev/null | grep '^active'
Nothing should be returned.

Remediation#

Run the following commands to stop smbd.service and remove samba package: 

# systemctl stop smbd.service
# apt purge samba

- OR - - IF - the samba package is required as a dependency: Run the following commands to stop and mask smbd.service: 

# systemctl stop smbd.service
# systemctl mask smbd.service