2.2.6 Ensure LDAP server is not enabled (Scored)

Level 1 - Server
Level 1 - Workstation 

The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.

If the system will not need to act as an LDAP server, it is recommended that the software be disabled to reduce the potential attack surface.

Run the following commands to verify slapd is not enabled:

# systemctl is-enabled slapd 

Verify result is not “enabled”.

Run the following command to disable slapd:

# systemctl disable slapd 

For more detailed documentation on OpenLDAP, go to the project homepage at http://www.openldap.org.

  • centos7/2/2/6.txt
  • Last modified: 2017/05/04 16:45
  • by Piotr Kłoczewski