Check: OL6-00-000256
Oracle Linux 6 STIG:
OL6-00-000256
(in versions v2 r7 through v1 r9)
Title
The openldap-servers package must not be installed unless required. (Cat III impact)
Discussion
Unnecessary packages should not be installed to decrease the attack surface of the system.
Check Content
To verify the "openldap-servers" package is not installed, run the following command: $ rpm -q openldap-servers The output should show the following. package openldap-servers is not installed If it does not, this is a finding.
Fix Text
The "openldap-servers" package should be removed if not in use. Is this machine the OpenLDAP server? If not, remove the package. # yum erase openldap-servers The openldap-servers RPM may be installed. It is needed only by the OpenLDAP server, not by clients which use LDAP for authentication. If the system is not intended for use as an LDAP server, it should be removed.
Additional Identifiers
Rule ID: SV-208932r793718_rule
Vulnerability ID: V-208932
Group Title: SRG-OS-000480
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |