Skip to content

Disable LDAP Server (slapd)

An XCCDF Rule

Description

The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database.

Rationale

If the system will not need to act as an LDAP server, it is recommended that the software be disabled to reduce the potential attack surface.

ID
xccdf_org.ssgproject.content_rule_service_slapd_disabled
Severity
Medium
Updated



Remediation - OS Build Blueprint


[customizations.services]
disabled = ["slapd"]

Remediation - Puppet

include disable_slapd

class disable_slapd {
  service {'slapd':
    enable => false,
    ensure => 'stopped',

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'slapd.service'
"$SYSTEMCTL_EXEC" disable 'slapd.service'

Remediation - Kubernetes Patch

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0

Remediation - Ansible

- name: Block Disable service slapd
  block:

  - name: Disable service slapd
    block: