2.2.5 Ensure LDAP server is not enabled

Information

The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.

Rationale:

If the system will not need to act as an LDAP server, it is recommended that the software be disabled to reduce the potential attack surface.

Solution

Run one of the following commands to disable slapd:

# systemctl --now disable slapd

See Also

https://workbench.cisecurity.org/files/2970

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv6|9.1, CSCv7|9.2

Plugin: Unix

Control ID: 0a3aebbd249f36c463410db9aca986c384f6d5cfde70050b07081c2933e7cfda