# SPDX-FileCopyrightText: 2025 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# ------------------------------------------------------------------
# METADATA
# ------------------------------------------------------------------
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.130438");
script_version("2025-11-21T05:40:28+0000");
script_tag(name:"last_modification", value:"2025-11-21 05:40:28 +0000 (Fri, 21 Nov 2025)");
script_tag(name:"creation_date", value:"2025-05-07 11:45:56 +0000 (Wed, 07 May 2025)");
script_tag(name:"cvss_base", value:"0.0");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:S/C:N/I:N/A:N");
script_tag(name:"qod", value:"97");
script_name("Do Not Install the Avahi Service");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2025 Greenbone AG");
script_family("Policy");
script_dependencies("compliance_tests.nasl", "compliance_os_check.nasl");
script_mandatory_keys("Compliance/Launch", "policy/ssh/login/euleros_openeuler");
script_xref(name:"Policy", value:"EulerOS Baseline: openEuler Security Configuration Baseline (v1.0.0): 1. Initial deployment: 1.2 Software: 1.2.9 Do Not Install the Avahi Service (Requirement)");
script_xref(name:"Policy", value:"openEuler Baseline: openEuler Security Configuration Baseline (v1.0.0): 1. Initial deployment: 1.2 Software: 1.2.9 Do Not Install the Avahi Service (Requirement)");
script_tag(name:"summary", value:"Avahi is a zero-configuration networking implementation,
including a system for multicast DNS/DNS-SD service discovery and automatic broadcast. For example,
you can connect a server to the network and use Avahi to automatically broadcast network services
running on the server for other user to access. In most cases, services do not need to be
automatically discovered or broadcast. If the Avahi service is enabled unnecessarily, system
resources are wasted and the attack surface is expanded. In this case, attackers can easily obtain
service information on the server and launch targeted attacks.");
exit(0);
}
include("ssh_func.inc");
include("host_details.inc");
include("policy_reporting_module.inc");
title = "Do Not Install the Avahi Service";
solution = "Run yum or dnf to remove the Avahi component from a server.
# yum remove avahi
Or
# dnf remove avahi";
check_type = "SSH_Cmd";
action = 'Run the command in the terminal:
# systemctl is-enabled avahi-daemon';
expected_value = 'The output should be equal to "disabled" or be equal to "not-found" or contain "Failed to get unit file state"';
# ------------------------------------------------------------------
# CONNECTION CHECK
# ------------------------------------------------------------------
if(!get_kb_item("login/SSH/success") || !sock = ssh_login_or_reuse_connection()){
report_ssh_error(title: title,
solution: solution,
action: action,
expected_value: expected_value,
check_type: check_type);
exit(0);
}
# ------------------------------------------------------------------
# CHECK : Check if the avahi service is enabled
# ------------------------------------------------------------------
step_cmd = 'systemctl is-enabled avahi-daemon';
actual_value = ssh_cmd(socket:sock, cmd:step_cmd, return_errors:TRUE, return_linux_errors_only:TRUE);
if(eregmatch(string: actual_value, pattern:"(No such file or directory|Permission denied|Command not found|Segmentation fault|service not found|is not running|syntax error near unexpected token|syntax error: unexpected end of file)", icase: TRUE)){
compliant = "incomplete";
comment = "Something went wrong during the audit check. Please try again.";
}else if(actual_value == 'disabled' || actual_value == 'not-found' || strstr(actual_value, 'Failed to get unit file state')){
compliant = "yes";
comment = "Check passed";
}else{
compliant = "no";
comment = "Check failed";
}
# ------------------------------------------------------------------
# REPORT
# ------------------------------------------------------------------
target = get_kb_item("policy/ssh/login/os-release");
comment = "Target: " + target + "\n" + comment;
report_audit(action: action,
actual_value: actual_value,
expected_value: expected_value,
is_compliant: compliant,
solution: solution,
check_type: check_type,
title: title,
comment: comment);
exit(0);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation