Skip to content

2.1.17 Ensure web proxy server services are not in use

Audit#

Run the following command to verify squid is not installed: 

# dpkg-query -s squid &>/dev/null && echo "squid is installed"
Nothing should be returned.

- OR - - IF - the package is required for dependencies: Run the following command to verify squid.service is not enabled: 

# systemctl is-enabled squid.service 2>/dev/null | grep 'enabled'
Nothing should be returned.

Run the following command to verify the squid.service is not active: 

# systemctl is-active squid.service 2>/dev/null | grep '^active'
Nothing should be returned.

Note: If the package is required for a dependency - Ensure the dependent package is approved by local site policy - Ensure stopping and masking the service and/or socket meets local site policy

Remediation#

Run the following commands to stop squid.service and remove the squid package: 

# systemctl stop squid.service
# apt purge squid

- OR - if the squid package is required as a dependency: Run the following commands to stop and mask squid.service: 

# systemctl stop squid.service
# systemctl mask squid.service