Differences
This shows you the differences between two versions of the page.
— | centos7:2:3:5 [2017/05/04 17:17] (current) – created Piotr Kłoczewski | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ======2.3.5 Ensure LDAP client is not installed (Scored)====== | ||
+ | =====Profile Applicability===== | ||
+ | < | ||
+ | Level 1 - Server | ||
+ | Level 1 - Workstation | ||
+ | </ | ||
+ | =====Description===== | ||
+ | The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. | ||
+ | |||
+ | =====Rationale===== | ||
+ | If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface.. | ||
+ | |||
+ | =====Audit===== | ||
+ | Run the following commands to verify '' | ||
+ | < | ||
+ | # rpm -q openldap-clients | ||
+ | package openldap-clients is not installed | ||
+ | </ | ||
+ | |||
+ | =====Remediation===== | ||
+ | Run the following command to uninstall '' | ||
+ | < | ||
+ | # yum remove openldap-clients | ||
+ | </ | ||
+ | |||
+ | =====Impact===== | ||
+ | Removing the LDAP client will prevent or inhibit using LDAP for authentication in your environment. |
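Review bot: The Remediation section gives `yum remove openldap-clients` with no condition, although the Rationale limits removal to systems that "will not need to act as an LDAP client" and the Impact section says removal will prevent or inhibit LDAP authentication. Restate that condition in the Remediation lead-in so the command is not run on hosts that depend on LDAP. Two smaller points: the Rationale sentence ends with a doubled period ("attack surface.."), and the Audit lead-in says "commands" while only the single `rpm -q openldap-clients` check follows.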