An error occurred:

Check: RHEL-06-000256

Red Hat Enterprise Linux 6 STIG: RHEL-06-000256 (in versions v2 r2 through v1 r14)

Title

The openldap-servers package must not be installed unless required. (Cat III impact)

Discussion

Unnecessary packages should not be installed to decrease the attack surface of the system.

Check Content

To verify the "openldap-servers" package is not installed, run the following command: $ rpm -q openldap-servers The output should show the following. package openldap-servers is not installed If it does not, this is a finding.

Fix Text

The "openldap-servers" package should be removed if not in use. # yum erase openldap-servers The openldap-servers RPM is not installed by default on RHEL6 machines. It is needed only by the OpenLDAP server, not by the clients which use LDAP for authentication. If the system is not intended for use as an LDAP Server it should be removed.

Additional Identifiers

Rule ID: SV-218010r603264_rule

Vulnerability ID: V-218010

Group Title: SRG-OS-000095

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.
CCI-000381

The organization configures the information system to provide only essential capabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings
CM-7

Least Functionality