Ensure LDAP client is not installed
An XCCDF Rule
Description
The Lightweight Directory Access Protocol (LDAP) is a service that provides
a method for looking up information from a central database.
The ldap-utils package can be removed with the following command:
$ apt-get remove ldap-utils
Rationale
If the system does not need to act as an LDAP client, it is recommended that the software is removed to reduce the potential attack surface.
- ID: xccdf_org.ssgproject.content_rule_package_openldap-clients_removed
- Severity: Low
- Updated
Remediation - Ansible
- name: Ensure ldap-utils is removed
  package:
    name: ldap-utils
    state: absent
  tags:
    - disable_strategy
Remediation - Puppet
include remove_ldap_utils

# Puppet class names may not contain hyphens, so the class uses an underscore.
class remove_ldap_utils {
  package { 'ldap-utils':
    ensure => 'purged',
  }
}
Remediation - Shell Script
# CAUTION: This remediation script will remove ldap-utils
# from the system, and may remove any packages
# that depend on ldap-utils. Execute this
# remediation AFTER testing on a non-production
# system!
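
The caution above warns that removing ldap-utils may also remove packages that depend on it. The following script is an added example, not part of the SSG content: it simulates the removal first and refuses to proceed if anything other than ldap-utils would be removed. The function names, the --apply flag and the sample package example-ldap-tool are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not SSG content). PKG is the package named by the rule.
PKG="ldap-utils"

# Constructed `apt-get -s remove` output; example-ldap-tool is a made-up
# dependent package used only to exercise the parser.
SAMPLE_SIM='The following packages will be REMOVED:
  example-ldap-tool ldap-utils
Remv example-ldap-tool [1.0-1]
Remv ldap-utils [2.5.0-1]'

# True when dpkg reports the package as fully installed.
is_installed() {
    status=$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null) || return 1
    [ "$status" = "install ok installed" ]
}

# Read simulated apt-get output on stdin; print every package that would be
# removed other than $1 (the "Remv <package> [version]" lines).
collateral_removals() {
    awk -v target="$1" '$1 == "Remv" && $2 != target { print $2 }'
}

# Remove PKG only if the simulation shows nothing else going with it.
remove_if_safe() {
    if ! is_installed "$PKG"; then
        echo "$PKG is not installed; rule already satisfied"
        return 0
    fi
    extra=$(LC_ALL=C apt-get -s remove "$PKG" | collateral_removals "$PKG")
    if [ -n "$extra" ]; then
        echo "Not removing $PKG; these packages would also be removed:" >&2
        echo "$extra" >&2
        return 1
    fi
    DEBIAN_FRONTEND=noninteractive apt-get remove -y "$PKG"
}

# Nothing is changed unless the script is called with --apply (assumed flag).
if [ "${1:-}" = "--apply" ]; then
    remove_if_safe
fi
```

Run without arguments, the script only defines its functions; `printf '%s\n' "$SAMPLE_SIM" | collateral_removals ldap-utils` shows how the parser treats the constructed output.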