Skip to content

Disable LDAP Server (slapd)

An XCCDF Rule

Description

The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database.

Rationale

If the system will not need to act as an LDAP server, it is recommended that the software be disabled to reduce the potential attack surface.

ID
xccdf_org.ssgproject.content_rule_service_slapd_disabled
Severity
Medium
Updated



Remediation - Puppet

include disable_slapd

class disable_slapd {
  service {'slapd':
    enable => false,
    ensure => 'stopped',

Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - disable_strategy
  - low_complexity

Remediation - OS Build Blueprint


[customizations.services]
masked = ["slapd"]