Disable LDAP Server (slapd)
An XCCDF Rule
Description
The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database.
Rationale
If the system will not need to act as an LDAP server, it is recommended that the software be disabled to reduce the potential attack surface.
- ID
- xccdf_org.ssgproject.content_rule_service_slapd_disabled
- Severity
- Medium
- Updated
Remediation - Puppet
include disable_slapd
class disable_slapd {
service {'slapd':
enable => false,
ensure => 'stopped',
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- disable_strategy
- low_complexity
Remediation - OS Build Blueprint
[customizations.services]
masked = ["slapd"]
Remediation - script:kickstart
service disable slapd
Remediation - Kubernetes Patch
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
config:
ignition:
version: 3.1.0
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q kernel; then
SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'slapd.service'
"$SYSTEMCTL_EXEC" disable 'slapd.service'