Differences
This shows you the differences between two versions of the page.
| — |
centos7:2:3:5 [2017/05/04 15:17] (current) Piotr Kłoczewski created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ======2.3.5 Ensure LDAP client is not installed (Scored)====== | ||
| + | =====Profile Applicability===== | ||
| + | <code> | ||
| + | Level 1 - Server | ||
| + | Level 1 - Workstation | ||
| + | </code> | ||
| + | =====Description===== | ||
| + | The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. | ||
| + | |||
| + | =====Rationale===== | ||
| + | If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface.. | ||
| + | |||
| + | =====Audit===== | ||
| + | Run the following commands to verify ''openldap-clients'' is not installed: | ||
| + | <Code:bash> | ||
| + | # rpm -q openldap-clients | ||
| + | package openldap-clients is not installed | ||
| + | </Code> | ||
| + | |||
| + | =====Remediation===== | ||
| + | Run the following command to uninstall ''openldap-clients'': | ||
| + | <Code:bash> | ||
| + | # yum remove openldap-clients | ||
| + | </Code> | ||
| + | |||
| + | =====Impact===== | ||
| + | Removing the LDAP client will prevent or inhibit using LDAP for authentication in your environment. | ||
Piotr Kłoczewski
