Ensure LDAP client is not installed

An XCCDF Rule

Description

The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The openldap-clients package can be removed with the following command:

$ sudo yum erase openldap-clients

Rationale

If the system does not need to act as an LDAP client, it is recommended that the software is removed to reduce the potential attack surface.

ID: xccdf_org.ssgproject.content_rule_package_openldap-clients_removed
Severity: Low
References: CCE-82885-5

2.3.2
Updated: about 1 month ago

Remediation Templates

- name: Ensure openldap-clients is removed
  package:
    name: openldap-clients
    state: absent
  tags:
  - CCE-82885-5  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_openldap-clients_removed

package remove openldap-clients

dnf remove openldap-clients

include remove_openldap-clients
class remove_openldap-clients {
  package { 'openldap-clients':
    ensure => 'purged',
  }
}

package --remove=openldap-clients

# CAUTION: This remediation script will remove openldap-clients
#	   from the system, and may remove any packages
#	   that depend on openldap-clients. Execute this
#	   remediation AFTER testing on a non-production
#	   system!
if rpm -q --quiet "openldap-clients" ; then
yum remove -y "openldap-clients"
fi

Ensure LDAP client is not installed

Description

Rationale

Remediation Templates

An Ansible Snippet

script:kickstart

script:bootc

A Puppet Snippet

Anaconda Pre-Install Instructions

A Shell Script