Tuesday 1 January 2013

How to stop avahi-daemon from advertising on a network

The problem exists when a box decides to tell everyone on the network "hey, I have a VNC / SSH / Remote Disk connection, come and try me out!"  This can be evidenced by running the command 'avahi-browse -a' on the host pc with the services being advertised.

Some people go to lengths to kill of the daemon all-together, but there are some things avahi-daemon does with can be beneficial, other than advertising services.  Also killing off the avahi-daemon during runtime is difficult as alot of other things like talk to it.

All you need to do is modify the /etc/avahi/avahi-daemon.conf file.

uncomment and edit the line to read:
disable-publishing=yes

And then restart the service to make the changes stick
sudo service avahi-daemon restart

from the man page avahi-daemon.conf
disable-publishing= Takes a boolean value ("yes" or "no"). If set to "yes", no record will be  published  by Avahi, not even address records for the local host. Avahi will be started in a querying- only mode. Use this is a security measure. This option defaults to "no"

It's not all beer and skittles, clients looking for services on the host may throw up errors sometimes.



references:
man avahi-daemon
mon avahi-daemon.conf

WindyCityTech Blogger
WindyWindyCityTech Wordpress

No comments:

Post a Comment