File: rule.yml

scap-security-guide 0.1.76-1
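# Prose-only selection: package_name and run_cmd are substituted into the
# description and OCIL text of this rule. The package name used by the
# package_removed template is set separately under template.vars.pkgname, so
# the two lists must stay in agreement.
# slmicro5 is grouped with the SLE products because template.vars maps
# pkgname@slmicro5 to openldap2; without it the manual-audit text would name
# openldap-servers while the template targets openldap2.
{{% if product in ["sle12", "sle15", "slmicro5"] %}}
{{% set package_name = "openldap2" %}}
{{% set run_cmd = "$ rpm -q openldap2" %}}
{{% elif "ubuntu" in product %}}
{{% set package_name = "slapd" %}}
{{% set run_cmd = "$ dpkg -l slapd" %}}
{{% else %}}
{{% set package_name = "openldap-servers" %}}
{{% set run_cmd = "$ rpm -q openldap-servers" %}}
{{% endif %}}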

# Flag read by the build system; presumably gates whether the rule is shipped
# (confirm against the project documentation).
documentation_complete: true

# NOTE(review): the title names openldap-servers literally, while the
# description below uses the per-product package_name from the Jinja header.
# On products where package_name is openldap2 or slapd, the title and the body
# therefore name different packages.
title: 'Uninstall openldap-servers Package'

# Rendered per product: package_name is set in the Jinja header of this file;
# full_name is not defined in this file (presumably supplied by the product
# build; confirm).
description: |-
    The {{{ package_name }}} package is not installed by default on a {{{ full_name }}}
    system. It is needed only by the OpenLDAP server, not by the
    clients which use LDAP for authentication. If the system is not
    intended for use as an LDAP Server it should be removed.

# Attack-surface argument for the rule. It applies to hosts that are not LDAP
# servers; a host that is meant to run the OpenLDAP server needs the package
# and would have to be excluded from this rule.
rationale: |-
    Unnecessary packages should not be installed to decrease the attack
    surface of the system.  While this software is clearly essential on an LDAP
    server, it is not necessary on typical desktop or workstation systems.

# Severity as assigned by the rule author.
severity: low

# Per-product CCE identifiers; the suffix after "@" selects the product.
# Only rhel8, sle12, sle15 and slmicro5 carry a CCE here; the Ubuntu products
# referenced elsewhere in this rule have none.
identifiers:
    cce@rhel8: CCE-82415-1
    cce@sle12: CCE-91640-3
    cce@sle15: CCE-91283-2
    cce@slmicro5: CCE-93913-2

# Mappings to external control catalogues. Keys without an "@" suffix are not
# product-specific; "cis@<product>" entries give the section number in that
# product's CIS benchmark (note ubuntu2204 uses 2.2.5 where the others use
# 2.2.6). Each value is a single comma-separated string, not a YAML list.
references:
    cis-csc: 11,14,3,9
    cis@sle12: 2.2.6
    cis@sle15: 2.2.6
    cis@slmicro5: 2.2.6
    cis@ubuntu2004: 2.2.6
    cis@ubuntu2204: 2.2.5
    cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
    disa: CCI-000366
    isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
    # Quoted because the entries contain spaces ("SR 1.1").
    isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
    iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
    nist: CM-7(a),CM-7(b),CM-6(a)
    nist-csf: PR.IP-1,PR.PT-3

# Short clause paired with the manual procedure in "ocil" below.
ocil_clause: "it does not"

# Manual audit procedure. run_cmd and package_name come from the Jinja header
# of this file, so the command shown is rpm -q or dpkg -l depending on product.
# NOTE(review): the expected output is the fixed rpm-style message
# "package <name> is not installed" for every product. On Ubuntu the command
# is "dpkg -l slapd", which does not print that message; confirm the expected
# text for the dpkg case. dpkg -l can also list a package that was removed but
# not purged, so the auditor needs to know which state counts as compliant.
ocil: |-
    To verify the <tt>{{{ package_name }}}</tt> package is not installed, run the
    following command:
    <pre>{{{ run_cmd }}}</pre>
    The output should show the following:
    <pre>package {{{ package_name }}} is not installed</pre>

# Binds this rule to the shared package_removed template and names the package
# it targets. The unsuffixed pkgname is the default; "pkgname@<product>"
# entries override it for that product.
# Keep this mapping in sync with the package_name selection in the Jinja
# header at the top of the file, which drives the human-readable text.
# NOTE(review): the rule is defined in terms of a distribution package name
# only; an OpenLDAP server installed by other means (built from source, shipped
# in a container image) is presumably outside what this template evaluates;
# confirm.
template:
    name: package_removed
    vars:
        pkgname: openldap-servers
        pkgname@sle12: openldap2
        pkgname@sle15: openldap2
        pkgname@slmicro5: openldap2
        pkgname@ubuntu1604: slapd
        pkgname@ubuntu1804: slapd
        pkgname@ubuntu2004: slapd
        pkgname@ubuntu2204: slapd
        pkgname@ubuntu2404: slapd