{"description": "\nThe <code>dnsmasq</code> service can be disabled with the following command:\n<pre>$ sudo systemctl mask --now dnsmasq.service</pre>", "rationale": "Unless a system is specifically designated to act as a DNS\ncaching, DNS forwarding and/or DHCP server, it is recommended\nthat the package be removed to reduce the potential attack surface.", "severity": "medium", "references": {"cis": ["2.1.5"]}, "control_references": {"cis": ["2.1.5"]}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_dnsmasq_disabled.sh", "relative_path": "ubuntu2204/checks/sce/service_dnsmasq_disabled.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable dnsmasq Service", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/dns/service_dnsmasq_disabled/rule.yml", "template": {"name": "service_disabled", "vars": {"servicename": "dnsmasq"}, "backends": {}}}