Rogue services, or services that are active yet unused, and their associated LISTENING ports are often a security risk! In the general case you can disable them in 6 steps.
NOTE
The “cups” service removal shown here can be applied to most other systemd Linux services, for example ssh on vulnerable port 22. Even the previously harmless dbus.service has been weaponized by data-mining criminals grabbing users' data.
I use the extra-simple Linux firewall ufw, but advanced users can use SELinux port and service security filters. You are advised to see the link Ports Risks List.
Cups and cupsd ports like 631 (and others) are associated with security risks. You can detect active, network-connected Linux services with netstat.
1) Detect the rogue or not needed services and their risky ports
If you do not know what a service in the list is, e.g. cupsd, look it up to see whether it is needed. Port 631 is linked to a vulnerability.
2) Firewall Block High Risk Linux Ports and Services
Sure, advanced users apply SELinux rules, but simple firewalls do a great job.
Sadly, printers are known for their deliberate, greedy, ink-ordering embedded malware as well as hacker malware. Office and home devices that do not need to use a service (like printers) should have this ‘deny’ applied.
SELinux users can fine-tune the risks and still be able to use cupsd for printing (or indeed suppress all the _cups types). Follow this guide for cups with SELinux.
3) Expose the Linux Service Sub-services to be Disabled
4) Disable the service you exposed after stopping it first
So by now the roach is “inactive (dead)”, right?
WRONG, it has service buddies that cause it to go “active (running)” hours later when you are not looking! Its legs are still twitching and it will get up and run, so you have more killing to do! Normally systemd starts services and they run automatically; you can manually override them by appending (>>) the word manual, once only.
5) Remove Rogue Malware Linux Service Packages
You will be shocked to find that cups, even when set to “disable” in step 4, has other baddie services that automatically revive it, especially on an HP server with stock Debian installed.
In this case “cups” has many hanger-on services that can be removed.
NOTE
apt or apt-get applies to Debian/Mint/Ubuntu and dnf is for Fedora/Red Hat/CentOS.
If you purge, you also lose that service's non-default settings, settings that may indeed have been hacked. Do so with caution. The advantage is that if your config was hacked then that hack is also ‘purged’.
6) Test for More Rogue Linux Services after Reboot
“cups” is an example service; please look for others using the information below.
Desperado removal of services:
Systemd uses /etc/systemd/system/<service_name>, /etc/systemd/system/<some_directory>/<service_name> and /etc/init.d/<service_name> to set them going. Moving those files and links away from their directories is brute force, but works.
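
For the detection in step 1 and the re-check in steps 3 and 6, the following shell sketch is an added example, not code from the original page. The function names `unexpected_listeners` and `revivers`, the `sshd` allowlist and the sample netstat and systemctl listings are all constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. All sample data is constructed.

# Step 1/6: read `netstat -tulpn` text on stdin and print "proto port program"
# for each listener whose program is not in the space-separated allowlist $1.
unexpected_listeners() {
    awk -v allow=" $1 " '
    $1 ~ /^(tcp|udp)/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next
        proto = $1; sub(/6$/, "", proto)       # fold tcp6/udp6 into tcp/udp
        n = split($4, a, ":"); port = a[n]     # last field, also right for IPv6
        prog = "-"                             # netstat shows "-" without root
        for (i = 5; i <= NF; i++) if ($i ~ /^[0-9]+\//) { prog = $i; break }
        sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
        if (index(allow, " " prog " ")) next
        key = proto " " port " " prog
        if (!seen[key]++) print key
    }'
}

# Step 3/6: read `systemctl list-unit-files --no-legend` text on stdin and print
# units named after service $1 that are neither disabled nor masked. Socket and
# path units in that list can start the service again on demand.
revivers() {
    awk -v svc="$1" '
    (index($1, svc ".") == 1 || index($1, svc "-") == 1) &&
        $2 != "disabled" && $2 != "masked" { print $1 " " $2 }'
}

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp  0 0 0.0.0.0:22    0.0.0.0:* LISTEN 812/sshd: /usr/sbin
tcp  0 0 127.0.0.1:631 0.0.0.0:* LISTEN 640/cupsd
tcp6 0 0 ::1:631       :::*      LISTEN 640/cupsd
udp  0 0 0.0.0.0:631   0.0.0.0:*        702/cups-browsed
udp  0 0 0.0.0.0:5353  0.0.0.0:*        655/avahi-daemon'
SAMPLE_UNITS='cups-browsed.service enabled  enabled
cups.path            enabled  enabled
cups.service         disabled enabled
cups.socket          enabled  enabled
ssh.service          enabled  enabled'

if [ "${1:-}" = "--live" ]; then   # this host; run as root to see program names
    netstat -tulpn | unexpected_listeners "sshd"
    systemctl list-unit-files --no-legend | revivers "${2:-cups}"
else                                # offline demo on the constructed samples
    printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "sshd"
    printf '%s\n' "$SAMPLE_UNITS" | revivers cups
fi
```

In the sample, cups.service is already disabled, yet cups.socket, cups.path and cups-browsed.service are still enabled, which is the "service buddies" situation described in steps 4 and 5.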