Remove the FreeRadius Server Package
An XCCDF Rule
Description
The freeradius
package should be removed if not in use.
Is this system a RADIUS server? If not, remove the package.
The freeradius
package can be removed with the following command:
$ sudo dnf erase freeradiusThe freeradius RPM is not installed by default on a Red Hat Enterprise Linux 9 system. It is needed only by the RADIUS servers, not by the clients which use RADIUS for authentication. If the system is not intended for use as a RADIUS Server it should be removed.
Rationale
Unnecessary packages should not be installed to decrease the attack surface of the system. While this software is clearly essential on a RADIUS server, it is not necessary on typical desktop or workstation systems.
- ID
- xccdf_org.ssgproject.content_rule_package_freeradius_removed
- Severity
- Low
- Updated
Remediation - Anaconda Pre-Install Instructions
package --remove=freeradius
Remediation - Ansible
- name: Ensure freeradius is removed
package:
name: freeradius
state: absent
tags:
- disable_strategy
Remediation - Puppet
include remove_freeradius
class remove_freeradius {
package { 'freeradius':
ensure => 'purged',
}
Remediation - Shell Script
# CAUTION: This remediation script will remove freeradius
# from the system, and may remove any packages
# that depend on freeradius. Execute this
# remediation AFTER testing on a non-production
# system!