This shows you the differences between two versions of the page.

Link to this comparison view

centos7:2:3:5 [2017/05/04 15:17] (current)
Piotr Kłoczewski created
Line 1: Line 1:
 +======2.3.5 Ensure LDAP client is not installed (Scored)======
 +=====Profile Applicability=====  ​
 +Level 1 - Server
 +Level 1 - Workstation ​
 +The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.
 +If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface..
 +=====Audit===== ​
 +Run the following commands to verify ''​openldap-clients''​ is not installed:
 +# rpm -q openldap-clients ​
 +package openldap-clients is not installed
 +=====Remediation===== ​
 +Run the following command to uninstall ''​openldap-clients'':​
 +# yum remove openldap-clients
 +=====Impact===== ​
 +Removing the LDAP client will prevent or inhibit using LDAP for authentication in your environment.