skip to main content
Caltech
Information Management Systems and Services
IMSS  /  News  /  Disable CUPS on Linux

Disable CUPS on Linux

November 06, 2024

There are a number of recently discovered vulnerabilities in the Common UNIX Printing System (CUPS) which is installed by default on a number of Linux systems. Linux servers rarely need to print. It is strongly advised that you disable CUPS on all your Linux servers.

Disable CUPS

To disable CUPS - including preventing it from restarting after a reboot - please follow these steps:

Stop the CUPS Service:

sudo systemctl stop cups

Disable the CUPS Service: This will prevent CUPS from starting automatically at boot.

sudo systemctl disable cups

Stop the CUPS Browsed Service (if running):

sudo systemctl stop cups-browsed

Disable the CUPS Browsed Service:

sudo systemctl disable cups-browsed

Verify the Status: Check the status to ensure that CUPS is stopped and disabled.

sudo systemctl status cups
sudo systemctl status cups-browsed

Temporarily Reenable CUPS

If you need to re-enable CUPS in the future, you can use the following commands:

Start the CUPS Service:

sudo systemctl start cups

Enable the CUPS Service:

sudo systemctl enable cups

Start the CUPS Browsed Service (if needed):

sudo systemctl start cups-browsed

Enable the CUPS Browsed Service:

sudo systemctl enable cups-browsed

Risk Mitigation

If CUPS is required to run, please follow the following steps to mitigate the risks:

  • Disable Unnecessary Services: Disable the cups-browsed service if it is not needed:
sudo systemctl stop cups-browsed
sudo systemctl disable cups-browsed
  • Apply Security Updates: Regularly update CUPS and related packages to the latest versions to ensure all security patches are applied. Once you have applied the updates, be sure to restart the service to be sure you are using the latest code:
sudo systemctl restart cups.service
  • Restrict Network Access: Use firewalls to block access to CUPS services from untrusted networks, especially port 631 used by IPP.
  • Regular Audits: Conduct regular security audits and vulnerability assessments to identify and address potential security issues.
  • Monitor Logs: Keep an eye on CUPS logs for any unusual activity that might indicate an attempted or successful exploit.

Please see our Securing Printers page for additional details about restricting access to your printers.