Skip to content

2.4 Ensure nonessential services are removed or masked

Audit#

Run the following command: 

# ss -plntu

Review the output to ensure that all services listed are required on the system. If a listed service is not required, remove the package containing the service. If the package containing the service is required, stop and mask the service.

Remediation#

Run the following command to remove the package containing the service: 

# apt purge <package_name>

OR If required packages have a dependency:

Run the following commands to stop and mask the service: 

# systemctl stop <service_name>.socket
# systemctl stop <service_name>.service
# systemctl mask <service_name>.socket
# systemctl mask <service_name>.service