Way Too Much Ubuntu
OK
So the idea is that CUPS is useful if you are on a local network? Other people on your local network can print out files that you send them, to give but one practical example?
However, I'd still like to hear more about why various websites warn about liabilities associated with CUPS and port 631 (which is why I started this thread). Even if chances are slim.
What are the security risks, including in cases when you are not on a local network?
Ubuntu Member
If you don't use a service and it is listening then it is offering you no benefit and exposes your system (in some way) to attack. This is part of basic hardening. I believe the CUPS packages are part of the "ubuntu-desktop" meta-package which is probably why they are being reinstalled occasionally.
Oops! My Coffee Cup is empty.
cupds
Last edited by currentshaft; 2 Weeks Ago at 04:29 AM.
Woof
It is possible to reconfigure the cups print spooler process to listen for external connections instead of just local processes (listen on 0.0.0.0 instead of 172.0.0.1). This allows other computers to send prints to your printers, read printer properties, ink levels, print queue properties etc. If you wanted other 'puters to be able to do that, you might want to limit which addresses can do that even though the service is password protected.
On top of that, any service that outside folk can connect to just might have a vulnerability that can be abused to hijack your computer.
Way Too Much Ubuntu
Thanks for the heads up and your explanation that a listening service like CUPS, unused, might expose one's system to an attack.
Originally Posted by ActionParsnip
Way Too Much Ubuntu
[
Thanks for this helpful addition to ActionParsnip's comment about unused services like CUPS posing a potential security risk.
I have no intention of using CUPS now or in the future -- my system is a personal Lenovo laptop that is not part of a network of computers. Any rare printing I do is for personal use, on paper, on a Brother printer.
I just entered the disable-cups command that Rubi1200 suggested in a post above.
Can you or someone else explain to me if the return output looks right?
What does "multi-user.target.wants" stand for?
And does this mean that cups won't be coming back, not even through an ubuntu update?
Code:sudo systemctl disable cups [sudo] password for XXX: Synchronizing state of cups.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install disable cups Removed /etc/systemd/system/multi-user.target.wants/cups.service. Removed /etc/systemd/system/multi-user.target.wants/cups.path. Removed /etc/systemd/system/sockets.target.wants/cups.socket. Removed /etc/systemd/system/printer.target.wants/cups.service.
Last edited by bhubunt; May 18th, 2024 at 08:29 AM.
Woof
Yes, that disabled the cups service. Which was not accessible over the network anyway. If you can't print to a local printer or to pdf files any more, you know why.
What about cups-browsed, the one that is accessible across the network? Did you disable that or is it still listening?
Way Too Much Ubuntu
Thanks for the reply.
For future reference:
If I change my mind and want to enable CUPS again at boot startup, what is the command line?
I disabled cups-browsed
Code:Synchronizing state of cups-browsed.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install disable cups-browsed Removed /etc/systemd/system/multi-user.target.wants/cups-browsed.service.
Last edited by bhubunt; May 18th, 2024 at 08:53 AM.
Staff Emeritus
If you change your mind and want to enable CUPS at boot this is the command:
Can I suggest something?Code:sudo systemctl enable cups
Keep a text document with a list of commands you used with enable and disable parameters. Good as a handy reference tool.
Oops! My Coffee Cup is empty.
D>
Last edited by currentshaft; 2 Weeks Ago at 04:29 AM.
Posting Permissions
Adv Reply
Bookmarks