sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 496/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 108062/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 108062/cupsd
udp 0 0 127.0.0.53:53 0.0.0.0:* 496/systemd-resolve
udp 0 0 0.0.0.0:631 0.0.0.0:* 108063/cups-browsed
udp 0 0 0.0.0.0:43546 0.0.0.0:* 506/avahi-daemon: r
udp 0 0 224.0.0.251:5353 0.0.0.0:* 108351/chrome
udp 0 0 0.0.0.0:5353 0.0.0.0:* 506/avahi-daemon: r
udp6 0 0 :::6666 :::* 1242/qlipper
udp6 0 0 :::34940 :::* 506/avahi-daemon: r
udp6 0 0 :::5353 :::* 506/avahi-daemon: r
.
sudo killall cupsd
.
sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 496/systemd-resolve
udp 0 0 127.0.0.53:53 0.0.0.0:* 496/systemd-resolve
udp 0 0 0.0.0.0:631 0.0.0.0:* 108063/cups-browsed
udp 0 0 0.0.0.0:43546 0.0.0.0:* 506/avahi-daemon: r
udp 0 0 224.0.0.251:5353 0.0.0.0:* 108351/chrome
udp 0 0 0.0.0.0:5353 0.0.0.0:* 506/avahi-daemon: r
udp6 0 0 :::6666 :::* 1242/qlipper
udp6 0 0 :::34940 :::* 506/avahi-daemon: r
udp6 0 0 :::5353 :::* 506/avahi-daemon: r
.
sudo ss -tulp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:* users:(("systemd-resolve",pid=496,fd=12))
udp UNCONN 0 0 0.0.0.0:631 0.0.0.0:* users:(("cups-browsed",pid=108063,fd=7))
udp UNCONN 0 0 0.0.0.0:43546 0.0.0.0:* users:(("avahi-daemon",pid=506,fd=14))
udp UNCONN 0 0 224.0.0.251:mdns 0.0.0.0:* users:(("chrome",pid=108351,fd=191))
udp UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:* users:(("avahi-daemon",pid=506,fd=12))
udp UNCONN 0 0 *:6666 *:* users:(("qlipper",pid=1242,fd=13))
udp UNCONN 0 0 [::]:34940 [::]:* users:(("avahi-daemon",pid=506,fd=15))
udp UNCONN 0 0 [::]:mdns [::]:* users:(("avahi-daemon",pid=506,fd=13))
tcp LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:* users:(("systemd-resolve",pid=496,fd=13))
Just for security reasons: because I will never use a printer with this system, how do I completely block the cupsd service forever, so it will not leave port 631 exploitable? Are these the right commands?
systemctl mask cupsd
systemctl disable cups.service cups.socket cups.path
Because I am not so advanced, could these commands do more damage to the OS than help it be more secure?
What about avahi-daemon and qlipper, are these services vital for the OS, or could they be blocked completely, forever?
systemctl --reverse list-dependencies avahi-daemon.service
avahi-daemon.service
● ├─cups-browsed.service
● └─multi-user.target
● └─graphical.target
.
systemctl --reverse list-dependencies qlipper.service
qlipper.service
EDIT:
Done it:
killall cupsd avahi-daemon qlipper
systemctl mask cupsd avahi-daemon qlipper
systemctl disable cups.service cups.socket cups.path cups-browsed.service multi-user.target graphical.target qlipper
Now:
sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 496/systemd-resolve
udp 0 0 127.0.0.53:53 0.0.0.0:* 496/systemd-resolve
udp 0 0 224.0.0.251:5353 0.0.0.0:* 108388/chrome --typ
udp 0 0 224.0.0.251:5353 0.0.0.0:* 108351/chrome
Regards.
avahi-daemon
With regards to avahi-daemon, do you use it on your network? Or is the machine stand-alone, and you don't access other devices on your local network exp. via zeroconf (easy) methods? You haven't provided enough details as to how you use your machine to know if you'll miss it. I used an avahi-browser command to explore my own local network, and I wouldn't miss it; but your usage may differ from my own. I experienced no consequences with it stopped, but again I don't use anything it provides.
qlipper
I was actually surprised to see qlipper in netstat output... (as were others in chat on Lubuntu IRC), but I can't see any issues if it was stopped. The manual tells you how to re-start it if required (https://manual.lubuntu.me/stable/2/2.4/2.4.5/Qlipper.html), and the start is visible & easily disabled/deleted (in "Application Autostart" under "LXQt Autostart").
You didn't provide a release, so I'm basing it on my own (testing on two releases actually).
The networking feature is "experimental" (https://github.com/pvanek/qlipper/blob/master/CMakeLists.txt#L50) and may be disabled (turned off) in Lubuntu in the future... but discussions are still on-going (lubuntu devs on IRC).
Networking was enabled in upstream Debian (https://salsa.debian.org/lxqt-team/qlipper/-/commit/a842f39cb3ea7cccd2f919a370babb29ae1b71e6) & change flowed thru to us.
Lubuntu is now maintainer of qlipper (rather than using Debian's package), and we've turned off networking (which we consider best practices). You didn't specify a release, but development is hirsute currently so that's where the change I'm talking about will take effect.
Thanks for alerting us to the rabbit hole that qlipper had become.
Most thanks to @wxl who did ~95% of the work :)
This 'answer' is mostly just comments made above. Had you specified a release, I'd have confined my comments to that release; instead I've used whatever was handy, which includes focal, groovy & hirsute.
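An added example, not part of either post: a small filter for `netstat -tulpn` output that keeps only the sockets bound to a non-loopback address, which are the ones other hosts on the network can reach. The function names are hypothetical and the sample input is the first listing from the question.

```shell
#!/bin/sh
# Added example: report sockets from `netstat -tulpn` output that are
# not bound to loopback, i.e. reachable from other hosts.

# Sample input: the first netstat listing quoted in the question.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 496/systemd-resolve
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 108062/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 108062/cupsd
udp 0 0 127.0.0.53:53 0.0.0.0:* 496/systemd-resolve
udp 0 0 0.0.0.0:631 0.0.0.0:* 108063/cups-browsed
udp 0 0 0.0.0.0:43546 0.0.0.0:* 506/avahi-daemon: r
udp 0 0 224.0.0.251:5353 0.0.0.0:* 108351/chrome
udp 0 0 0.0.0.0:5353 0.0.0.0:* 506/avahi-daemon: r
udp6 0 0 :::6666 :::* 1242/qlipper
udp6 0 0 :::34940 :::* 506/avahi-daemon: r
udp6 0 0 :::5353 :::* 506/avahi-daemon: r
EOF
}

# Reads netstat -tulpn text on stdin and prints "proto addr port program"
# for every socket whose local address is not loopback.
exposed_listeners() {
  awk '
    $1 !~ /^(tcp|udp)6?$/ { next }                 # skip the header lines
    {
      port = $4; sub(/^.*:/, "", port)             # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "::1") next   # loopback: local access only
      owner = ($1 ~ /^tcp/) ? $7 : $6              # UDP rows have no State column
      sub(/^[0-9]+\//, "", owner)                  # drop the "PID/" prefix
      sub(/:$/, "", owner)                         # "avahi-daemon:" -> "avahi-daemon"
      print $1, addr, port, owner
    }'
}

# Unique program names that own at least one exposed socket.
exposed_programs() {
  exposed_listeners | awk '{ print $4 }' | sort -u | paste -sd ' ' -
}

sample_netstat | exposed_listeners
```

On the question's listing, cupsd is filtered out because both of its sockets are on loopback; the sockets that remain belong to cups-browsed, avahi-daemon, chrome and qlipper. On a live system, pipe `sudo netstat -tulpn` into `exposed_listeners` instead of the sample.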