STIGQter STIGQter: STIG Summary: Red Hat Enterprise Linux 6 Security Technical Implementation Guide Version: 1 Release: 24 Benchmark Date: 25 Oct 2019: The avahi service must be disabled.

DISA Rule

SV-50419r2_rule

Vulnerability Number

V-38618

Group Title

SRG-OS-999999

Rule Version

RHEL-06-000246

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The "avahi-daemon" service can be disabled with the following commands:

# chkconfig avahi-daemon off
# service avahi-daemon stop

Check Contents

To check that the "avahi-daemon" service is disabled in system boot configuration, run the following command:

# chkconfig "avahi-daemon" --list

Output should indicate the "avahi-daemon" service has either not been installed, or has been disabled at all runlevels, as shown in the example below:

# chkconfig "avahi-daemon" --list
"avahi-daemon" 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Run the following command to verify "avahi-daemon" is disabled through current runtime configuration:

# service avahi-daemon status

If the service is disabled the command will return the following output:

avahi-daemon is stopped


If the service is running, this is a finding.

Vulnerability Number

V-38618

Documentable

False

Rule Version

RHEL-06-000246

Severity Override Guidance

To check that the "avahi-daemon" service is disabled in system boot configuration, run the following command:

# chkconfig "avahi-daemon" --list

Output should indicate the "avahi-daemon" service has either not been installed, or has been disabled at all runlevels, as shown in the example below:

# chkconfig "avahi-daemon" --list
"avahi-daemon" 0:off 1:off 2:off 3:off 4:off 5:off 6:off

Run the following command to verify "avahi-daemon" is disabled through current runtime configuration:

# service avahi-daemon status

If the service is disabled the command will return the following output:

avahi-daemon is stopped


If the service is running, this is a finding.

Check Content Reference

M

Target Key

2367

Comments