CCE-92592-5Platform: oel7 | Date: (C)2019-11-07 (M)2022-10-10 |
Disable Print Server Capabilities
To prevent remote users from potentially connecting to and using
locally configured printers, disable the CUPS print server sharing
capabilities. To do so, limit how the server will listen for print jobs by
removing the more generic port directive from /etc/cups/cupsd.conf:
'Port 631'
and replacing it with the 'Listen' directive:
'Listen localhost:631'
This will prevent remote users from printing to locally configured printers
while still allowing local users on the machine to print normally.
Parameter:
Technical Mechanism:
By default, locally configured printers will not be shared over the
network, but if this functionality has somehow been enabled, these
recommendations will disable it again. Be sure to disable outgoing printer list
broadcasts, or remote users will still be able to see the locally configured
printers, even if they cannot actually print to them. To limit print serving to
a particular set of users, use the Policy directive.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:49534 |