Ensure LDAP client is not installed

An XCCDF Rule

Description

The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The openldap-clients package can be removed with the following command:

$ sudo yum erase openldap-clients

Rationale

If the system does not need to act as an LDAP client, it is recommended that the software is removed to reduce the potential attack surface.

ID: xccdf_org.ssgproject.content_rule_package_openldap-clients_removed
Severity: Low
References: CCE-82885-5

2.3.2
Updated: about 1 year ago


package --remove=openldap-clients

- name: Ensure openldap-clients is removed
  package:
    name: openldap-clients
    state: absent
  tags:
  - CCE-82885-5  - disable_strategy
  - low_complexity
  - low_disruption
  - low_severity
  - no_reboot_needed
  - package_openldap-clients_removed

include remove_openldap-clients

class remove_openldap-clients {
  package { 'openldap-clients':
    ensure => 'purged',
  }}


# CAUTION: This remediation script will remove openldap-clients
#	   from the system, and may remove any packages
#	   that depend on openldap-clients. Execute this
#	   remediation AFTER testing on a non-production
#	   system!
if rpm -q --quiet "openldap-clients" ; then

    yum remove -y "openldap-clients"

fi

Ensure LDAP client is not installed

Description

Rationale

Remediation - Anaconda Pre-Install Instructions

Remediation - Ansible

Remediation - Puppet

Remediation - Shell Script