3.1.6 Restrict Published Information (if publishing is required) - publish-workstation=no

Information

If it is necessary to publish some information to the network, it should not be joined by any extraneous information or by information supplied by a non-trusted source on the system.

Rationale:

This option is most useful on client machines. Setting this option will prevent Avahi from advertising its services. Clients machines typically consume services rather than provide services.

Solution

Restrict publishing by editing the /etc/avahi/avahi-daemon.conf file as follows:

#!/bin/bash
grep '^disable-user-service-publishing=yes' /etc/avahi/avahi-daemon.conf
if [ $? -ne 0 ]
then
ed /etc/avahi/avahi-daemon.conf << END
g/ disable-publishing=yes /d
/^[publish]/
a
disable-publishing=yes
publish-address=no
publish-binfo=no
publish-workstation=no
publish-domain=no
.
w
q
END
fi

Default Value:

OS Default: N/A

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CSCv6|9.1, CSCv7|9.2

Plugin: Unix

Control ID: 01ce8f736a593e33d1523904888945f99e64cd7a9465db4ec33547679c10531f