Disable LDAP Server (slapd)
An XCCDF Rule
Description
The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database.
Rationale
If the system will not need to act as an LDAP server, it is recommended that the software be disabled to reduce the potential attack surface.
- ID
- xccdf_org.ssgproject.content_rule_service_slapd_disabled
- Severity
- Medium
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'slapd.service'
"$SYSTEMCTL_EXEC" disable 'slapd.service'
Remediation - Kubernetes Patch
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
config:
ignition:
version: 3.1.0
Remediation - OS Build Blueprint
[customizations.services]
disabled = ["slapd"]
Remediation - Puppet
include disable_slapd
class disable_slapd {
service {'slapd':
enable => false,
ensure => 'stopped',
Remediation - Ansible
- name: Block Disable service slapd
block:
- name: Disable service slapd
block: