Remove the FreeRadius Server Package

An XCCDF Rule

Description

The freeradius package should be removed if not in use. Is this system a RADIUS server? If not, remove the package. The freeradius package can be removed with the following command:

$ sudo yum erase freeradius

The freeradius RPM is not installed by default on a Red Hat Enterprise Linux 7 system. It is needed only by the RADIUS servers, not by the clients which use RADIUS for authentication. If the system is not intended for use as a RADIUS Server it should be removed.

Rationale

Unnecessary packages should not be installed to decrease the attack surface of the system. While this software is clearly essential on a RADIUS server, it is not necessary on typical desktop or workstation systems.

ID: xccdf_org.ssgproject.content_rule_package_freeradius_removed
Severity: Low
References: CCE-82751-9
Updated: about 1 year ago


package --remove=freeradius

- name: Ensure freeradius is removed
  package:
    name: freeradius
    state: absent
  tags:
  - CCE-82751-9  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_freeradius_removed

include remove_freeradius

class remove_freeradius {
  package { 'freeradius':
    ensure => 'purged',
  }}


# CAUTION: This remediation script will remove freeradius
#	   from the system, and may remove any packages
#	   that depend on freeradius. Execute this
#	   remediation AFTER testing on a non-production
#	   system!
if rpm -q --quiet "freeradius" ; then

    yum remove -y "freeradius"

fi

Remove the FreeRadius Server Package

Description

Rationale

Remediation - Anaconda Pre-Install Instructions

Remediation - Ansible

Remediation - Puppet

Remediation - Shell Script