
Ensure LDAP client is not installed

An XCCDF Rule

Description

The Lightweight Directory Access Protocol (LDAP) is a service that provides a method for looking up information from a central database. The openldap2-client package can be removed with the following command:
$ sudo zypper remove openldap2-client

Rationale

If the system does not need to act as an LDAP client, it is recommended that the software is removed to reduce the potential attack surface.

ID
xccdf_org.ssgproject.content_rule_package_openldap-clients_removed
Severity
Low

Remediation Templates

A Puppet Snippet

# Puppet class names may contain only lowercase letters, digits and
# underscores, so the hyphenated name is written with an underscore.
include remove_openldap2_client
class remove_openldap2_client {
  # 'purged' removes the package together with its configuration files
  package { 'openldap2-client':
    ensure => 'purged',
  }
}

An Ansible Snippet

- name: Ensure openldap2-client is removed
  package:
    name: openldap2-client
    state: absent
  tags:
  - CCE-91681-7

A Shell Script

#!/bin/bash
# CAUTION: This remediation script will remove openldap2-client
#	   from the system, and may remove any packages
#	   that depend on openldap2-client. Execute this
#	   remediation AFTER testing on a non-production
#	   system!

# -y answers the zypper confirmation prompt automatically, so dependent
# packages are removed without an interactive review.
zypper remove -y "openldap2-client"
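The shell remediation above warns that removing openldap2-client may also remove packages that depend on it. The following script is an added example, not part of the SCAP Security Guide rule content: it audits whether the package is present (the condition this rule checks) and, when it is, lists the installed packages that require it so the operator can review what a `zypper remove` would take along before running the remediation. It assumes an rpm-based system such as SLE where `rpm -q` and `rpm -q --whatrequires` are available; the `RPM_CMD` variable is a hypothetical override that lets the functions be exercised against a stand-in command.

```shell
#!/bin/sh
# Added example (not from the SSG rule): audit openldap2-client and show
# reverse dependencies before removal.
# RPM_CMD is an assumed override hook for testing; it defaults to rpm.
: "${RPM_CMD:=rpm}"
PKG="openldap2-client"

# Returns 0 when the package is absent (rule passes), 1 when installed.
audit_pkg_removed() {
  if "$RPM_CMD" -q "$1" >/dev/null 2>&1; then
    echo "FAIL: $1 is installed"
    return 1
  fi
  echo "PASS: $1 is not installed"
  return 0
}

# Prints installed packages that require the given package, one per line.
# rpm prints "no package requires ..." when nothing does; that line is dropped.
list_reverse_deps() {
  "$RPM_CMD" -q --whatrequires "$1" 2>/dev/null | grep -v 'no package requires' || true
}

# Audit first; only print the dependency review when the rule fails.
main() {
  if audit_pkg_removed "$PKG"; then
    return 0
  fi
  echo "Installed packages that require $PKG:"
  deps=$(list_reverse_deps "$PKG")
  if [ -n "$deps" ]; then
    echo "$deps"
  else
    echo "(none)"
  fi
  echo "Remediate with: sudo zypper remove -y $PKG"
  return 1
}

# Run main only when this file is executed as audit_ldap_client.sh,
# so it can also be sourced to reuse the functions.
case "$0" in
  */audit_ldap_client.sh|audit_ldap_client.sh) main ;;
esac
```

Save the block as `audit_ldap_client.sh` and run it with `sh audit_ldap_client.sh`; a non-zero exit means the package is still installed and the printed list shows what else a removal would affect.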