no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
| — | centos7:2:3:5 [2017/05/04 17:17] (current) – created Piotr Kłoczewski | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ======2.3.5 Ensure LDAP client is not installed (Scored)====== | ||
| + | =====Profile Applicability===== | ||
| + | < | ||
| + | Level 1 - Server | ||
| + | Level 1 - Workstation | ||
| + | </ | ||
| + | =====Description===== | ||
| + | The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database. | ||
| + | |||
| + | =====Rationale===== | ||
| + | If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface.. | ||
| + | |||
| + | =====Audit===== | ||
| + | Run the following commands to verify '' | ||
| + | < | ||
| + | # rpm -q openldap-clients | ||
| + | package openldap-clients is not installed | ||
| + | </ | ||
| + | |||
| + | =====Remediation===== | ||
| + | Run the following command to uninstall '' | ||
| + | < | ||
| + | # yum remove openldap-clients | ||
| + | </ | ||
| + | |||
| + | =====Impact===== | ||
| + | Removing the LDAP client will prevent or inhibit using LDAP for authentication in your environment. | ||