2.1.22 Ensure only approved services are listening on a network interface
Audit
Run the following command:
Review the output to ensure:
- All services listed are required on the system and approved by local site policy.
- Both the port and interface the service is listening on are approved by local site policy.
- If a listed service is not required:
  - Remove the package containing the service
  - - IF - the service's package is required for a dependency, stop and mask the service and/or socket
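The review above can be scripted against a site allowlist. The following is an added example, not part of the benchmark text: it assumes the listener listing is in the column layout printed by `ss -plntu`, and the allowlist format (`proto address:port process`), the function names and the sample data are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report listeners whose protocol, interface:port and process
# are not all present in a site allowlist.

# Constructed sample in the column layout of `ss -plntu`.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:323       0.0.0.0:*         users:(("chronyd",pid=812,fd=5))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=901,fd=3))
tcp   LISTEN 0      4096   0.0.0.0:111         0.0.0.0:*         users:(("rpcbind",pid=655,fd=4))
tcp   LISTEN 0      511    [::]:80             [::]:*            users:(("nginx",pid=1204,fd=7))
EOF
}

# Constructed allowlist (format is an assumption of this example).
sample_allowlist() {
cat <<'EOF'
# proto  local_address:port  process
udp 127.0.0.1:323 chronyd
tcp 0.0.0.0:22 sshd
tcp [::]:443 nginx
EOF
}

# Usage: ss -plntu | unapproved_listeners ALLOWLIST_FILE
# Prints "proto address:port process" for every listener not in the allowlist.
unapproved_listeners() {
  awk -v allow="$1" '
    BEGIN {
      # Load approved entries; skip comments and short or blank lines.
      while ((getline line < allow) > 0) {
        n = split(line, f, " ")
        if (n < 3 || f[1] ~ /^#/) continue
        ok[f[1] " " f[2] " " f[3]] = 1
      }
    }
    $1 == "Netid" { next }                 # header row
    {
      proc = "unknown"                     # no process column without root
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      key = $1 " " $5 " " proc             # $5 is Local Address:Port
      if (!(key in ok)) print key
    }
  '
}
```

On the constructed sample this reports `rpcbind` (not approved at all) and `nginx` on `[::]:80` (approved only on port 443), which shows why the port and interface must be compared as well as the service name.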
Remediation
Run the following command to stop the service and remove the package containing the service:
- OR - If required packages have a dependency:
Run the following commands to stop and mask the service and socket:
# systemctl stop <service_name>.socket <service_name>.service
# systemctl mask <service_name>.socket <service_name>.service
Note: replace