Lucene search
K

Do Not Install the Avahi Service

🗓️ 07 May 2025 00:00:00Reported by Copyright (C) 2025 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 5 Views

Avoid installing Avahi service as it wastes resources and increases attack risks with service discovery.

Code
# SPDX-FileCopyrightText: 2025 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# ------------------------------------------------------------------
# METADATA
# ------------------------------------------------------------------

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.130438");
  script_version("2025-11-21T05:40:28+0000");
  script_tag(name:"last_modification", value:"2025-11-21 05:40:28 +0000 (Fri, 21 Nov 2025)");
  script_tag(name:"creation_date", value:"2025-05-07 11:45:56 +0000 (Wed, 07 May 2025)");
  script_tag(name:"cvss_base", value:"0.0");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:S/C:N/I:N/A:N");
  script_tag(name:"qod", value:"97");

  script_name("Do Not Install the Avahi Service");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2025 Greenbone AG");
  script_family("Policy");
  script_dependencies("compliance_tests.nasl", "compliance_os_check.nasl");

  script_mandatory_keys("Compliance/Launch", "policy/ssh/login/euleros_openeuler");

  script_xref(name:"Policy", value:"EulerOS Baseline: openEuler Security Configuration Baseline (v1.0.0): 1. Initial deployment: 1.2 Software: 1.2.9 Do Not Install the Avahi Service (Requirement)");
  script_xref(name:"Policy", value:"openEuler Baseline: openEuler Security Configuration Baseline (v1.0.0): 1. Initial deployment: 1.2 Software: 1.2.9 Do Not Install the Avahi Service (Requirement)");

  script_tag(name:"summary", value:"Avahi is a zero-configuration networking implementation,
including a system for multicast DNS/DNS-SD service discovery and automatic broadcast. For example,
you can connect a server to the network and use Avahi to automatically broadcast network services
running on the server for other user to access. In most cases, services do not need to be
automatically discovered or broadcast. If the Avahi service is enabled unnecessarily, system
resources are wasted and the attack surface is expanded. In this case, attackers can easily obtain
service information on the server and launch targeted attacks.");

  exit(0);
}

include("ssh_func.inc");
include("host_details.inc");
include("policy_reporting_module.inc");

title = "Do Not Install the Avahi Service";

solution = "Run yum or dnf to remove the Avahi component from a server.

# yum remove avahi

Or

# dnf remove avahi";

check_type = "SSH_Cmd";

action = 'Run the command in the terminal:
# systemctl is-enabled avahi-daemon';

expected_value = 'The output should be equal to "disabled" or be equal to "not-found" or contain "Failed to get unit file state"';

# ------------------------------------------------------------------
# CONNECTION CHECK
# ------------------------------------------------------------------

if(!get_kb_item("login/SSH/success") || !sock = ssh_login_or_reuse_connection()){

  report_ssh_error(title: title,
                   solution: solution,
                   action: action,
                   expected_value: expected_value,
                   check_type: check_type);
  exit(0);
}

# ------------------------------------------------------------------
# CHECK : Check if the avahi service is enabled
# ------------------------------------------------------------------

step_cmd = 'systemctl is-enabled avahi-daemon';
actual_value = ssh_cmd(socket:sock, cmd:step_cmd, return_errors:TRUE, return_linux_errors_only:TRUE);

if(eregmatch(string: actual_value, pattern:"(No such file or directory|Permission denied|Command not found|Segmentation fault|service not found|is not running|syntax error near unexpected token|syntax error: unexpected end of file)", icase: TRUE)){
  compliant = "incomplete";
  comment = "Something went wrong during the audit check. Please try again.";
}else if(actual_value == 'disabled' || actual_value == 'not-found' || strstr(actual_value, 'Failed to get unit file state')){
  compliant = "yes";
  comment = "Check passed";
}else{
  compliant = "no";
  comment = "Check failed";
}

# ------------------------------------------------------------------
# REPORT
# ------------------------------------------------------------------

target = get_kb_item("policy/ssh/login/os-release");
comment = "Target: " + target + "\n" + comment;

report_audit(action: action,
             actual_value: actual_value,
             expected_value: expected_value,
             is_compliant: compliant,
             solution: solution,
             check_type: check_type,
             title: title,
             comment: comment);

exit(0);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation