Differences

This shows you the differences between two versions of the page.

Link to this comparison view

centos7:2:3:5 [2017/05/04 15:17] (current)
Piotr Kłoczewski created
Line 1: Line 1:
 +======2.3.5 Ensure LDAP client is not installed (Scored)======
 +=====Profile Applicability=====  ​
 +<​code>​
 +Level 1 - Server
 +Level 1 - Workstation ​
 +</​code>​
  
 +=====Description=====
 +The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.
 +
 +=====Rationale=====
 +If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface..
 +
 +=====Audit===== ​
 +Run the following commands to verify ''​openldap-clients''​ is not installed:
 +<​Code:​bash>​
 +# rpm -q openldap-clients ​
 +package openldap-clients is not installed
 +</​Code>​
 +
 +=====Remediation===== ​
 +Run the following command to uninstall ''​openldap-clients'':​
 +<​Code:​bash>​
 +# yum remove openldap-clients
 +</​Code>​
 +
 +=====Impact===== ​
 +Removing the LDAP client will prevent or inhibit using LDAP for authentication in your environment.