1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
{{% if product in ["sle12", "sle15"] %}}
{{% set package_name = "openldap2-client" %}}
{{% elif "ubuntu" in product %}}
{{% set package_name = "lapd-utils" %}}
{{% else %}}
{{% set package_name = "openldap-clients" %}}
{{% endif %}}
documentation_complete: true
title: 'Ensure LDAP client is not installed'
description: |-
The Lightweight Directory Access Protocol (LDAP) is a service that provides
a method for looking up information from a central database.
{{{ describe_package_remove( package_name ) }}}
rationale:
If the system does not need to act as an LDAP client, it is recommended that the software is
removed to reduce the potential attack surface.
severity: low
identifiers:
cce@rhel8: CCE-82885-5
cce@rhel9: CCE-90831-9
cce@rhel10: CCE-90641-2
cce@sle12: CCE-91681-7
cce@sle15: CCE-91310-3
cce@slmicro5: CCE-93914-0
references:
cis@sle12: 2.3.5
cis@sle15: 2.3.5
cis@slmicro5: 2.3.5
cis@ubuntu2004: 2.3.5
cis@ubuntu2204: 2.3.5
ocil_clause: 'the package is installed'
ocil: |-
{{{ ocil_package(package_name) }}}
template:
name: package_removed
vars:
pkgname: openldap-clients
pkgname@sle12: openldap2-client
pkgname@sle15: openldap2-client
pkgname@slmicro5: openldap2-client
pkgname@ubuntu1604: ldap-utils
pkgname@ubuntu1804: ldap-utils
pkgname@ubuntu2004: ldap-utils
pkgname@ubuntu2204: ldap-utils
pkgname@ubuntu2404: ldap-utils
|
