2.1.5 Ensure dnsmasq services are not in use

Audit

Run the following command to verify dnsmasq is not installed:

# dpkg-query -s dnsmasq &>/dev/null && echo "dnsmasq is installed"
Nothing should be returned.

- OR -

- IF - the package is required for dependencies:

Run the following command to verify dnsmasq.service is not enabled:

# systemctl is-enabled dnsmasq.service 2>/dev/null | grep 'enabled'
Nothing should be returned.

Run the following command to verify dnsmasq.service is not active:

# systemctl is-active dnsmasq.service 2>/dev/null | grep '^active'
Nothing should be returned.

Note: If the package is required for a dependency:
- Ensure the dependent package is approved by local site policy
- Ensure stopping and masking the service and/or socket meets local site policy
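
The audit checks above, combined into one function that returns a single verdict (an added example, not part of the benchmark text). DPKG_QUERY and SYSTEMCTL are hypothetical override variables introduced here so the logic can be exercised with stubs; by default the real tools are called.

```shell
#!/usr/bin/env bash
# Added example (not from the benchmark): combined audit for dnsmasq.
# DPKG_QUERY and SYSTEMCTL are hypothetical override hooks for testing with
# stubs; by default the real dpkg-query and systemctl are called.
DPKG_QUERY="${DPKG_QUERY:-dpkg-query}"
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

# Prints one verdict line. Returns 0 = PASS, 1 = FAIL, 2 = audit could not run.
audit_dnsmasq() {
    local unit enabled active findings
    unit="dnsmasq.service"
    findings=""

    # A missing tool must not look like "package not installed".
    if ! command -v "$DPKG_QUERY" >/dev/null 2>&1; then
        echo "ERROR: $DPKG_QUERY not found, cannot audit"
        return 2
    fi

    # Check 1: package absent, nothing further to verify.
    if ! "$DPKG_QUERY" -s dnsmasq >/dev/null 2>&1; then
        echo "PASS: dnsmasq is not installed"
        return 0
    fi

    # Check 2: package kept as a dependency, so the unit must be neither
    # enabled nor active.
    if ! command -v "$SYSTEMCTL" >/dev/null 2>&1; then
        echo "ERROR: $SYSTEMCTL not found, cannot audit $unit"
        return 2
    fi
    # systemctl exits non-zero for disabled/masked/inactive; keep the text only.
    enabled="$("$SYSTEMCTL" is-enabled "$unit" 2>/dev/null || true)"
    active="$("$SYSTEMCTL" is-active "$unit" 2>/dev/null || true)"

    # Same patterns as the grep checks: 'enabled' anywhere, '^active' at start.
    case "$enabled" in *enabled*) findings="$findings is-enabled=$enabled" ;; esac
    case "$active" in active*) findings="$findings is-active=$active" ;; esac

    if [ -n "$findings" ]; then
        echo "FAIL: dnsmasq installed and $unit in use:$findings"
        return 1
    fi
    echo "PASS: dnsmasq installed, $unit is ${enabled:-unknown}/${active:-unknown}"
    return 0
}
```

Source the file and call audit_dnsmasq; the return code distinguishes a failed control (1) from an audit that could not run (2).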

Remediation

Run the following commands to stop dnsmasq.service and remove the dnsmasq package:

# systemctl stop dnsmasq.service
# apt purge dnsmasq

- OR -

- IF - the dnsmasq package is required as a dependency:

Run the following commands to stop and mask dnsmasq.service:

# systemctl stop dnsmasq.service
# systemctl mask dnsmasq.service