From 9f7a12207d136211a5906df39490104ef02e3e0c Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 19 Mar 2020 15:35:47 +0100
Subject: [PATCH 1/4] add rule
---
.../package_openldap-clients_removed/rule.yml | 32 +++++++++++++++++++
2 files changed, 32 insertions(+), 2 deletions(-)
create mode 100644 linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
new file mode 100644
index 0000000000..e8dfc04020
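--- /dev/null
+++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
@@ -0,0 +1,32 @@
+documentation_complete: true
+
+title: 'Ensure LDAP client is not installed'
+
+description: |-
+ The Lightweight Directory Access Protocol (LDAP) is a service that provideso
+ a method for looking up information from a central database.
+ {{{ describe_package_remove("openldap-clients") }}}
+
+rationale:
+ If the system does not need to act as an LDAP client, it is recommended that the software is
+ removed to reduce the potential attack surface.
+
+severity: low
+
+identifiers:
+ cce@rhel7: 82884-8
+ cce@rhel8: 82885-5
+
+references:
+ cis@rhel7: 2.3.5
+ cis@rhel8: 2.3.3
+
+ocil_clause: 'the package is installed'
+
+ocil: |-
+ {{{ ocil_package("openldap-clients") }}}
+
+template:
+ name: package_removed
+ vars:
+ pkgname: openldap-clients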
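Review bot: The title and description of the new rule speak of "the LDAP client" as a whole, but the `template` block at the end checks only `pkgname: openldap-clients`, which on RHEL-family systems is, as far as I know, the package of command-line utilities (ldapsearch, ldapmodify and similar), while the client libraries ship in the separate `openldap` package. A passing result could therefore be read as "this host cannot act as an LDAP client", which the check does not establish. I would add a sentence to `description` such as `This rule covers only the openldap-clients command-line utilities; the openldap libraries used by other software remain installed.` As a smaller style point, `rationale:` is written as a plain multi-line scalar while `description` and `ocil` use `|-`; using `rationale: |-` would keep the file consistent.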
From b21593567c0c758710461bc7a3d59651503f84c9 Mon Sep 17 00:00:00 2001
From: vojtapolasek <krecoun@gmail.com>
Date: Thu, 19 Mar 2020 16:40:55 +0100
Subject: [PATCH 2/4] Update
linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-Authored-By: Jan Černý <jcerny@redhat.com>
---
.../openldap_client/package_openldap-clients_removed/rule.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
index e8dfc04020..1339137fb4 100644
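--- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
+++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
@@ -3,7 +3,7 @@ documentation_complete: true
 title: 'Ensure LDAP client is not installed'
 
 description: |-
- The Lightweight Directory Access Protocol (LDAP) is a service that provideso
+ The Lightweight Directory Access Protocol (LDAP) is a service that provides
 a method for looking up information from a central database.
 {{{ describe_package_remove("openldap-clients") }}}
 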
From 82c734902f7f215286168f6aa3e3bfaff99fc336 Mon Sep 17 00:00:00 2001
From: Vojtech Polasek <vpolasek@redhat.com>
Date: Thu, 19 Mar 2020 16:58:02 +0100
Subject: [PATCH 3/4] add missing prodtype
---
.../openldap_client/package_openldap-clients_removed/rule.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
index 1339137fb4..aee1aa315a 100644
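--- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
+++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
@@ -1,5 +1,7 @@
 documentation_complete: true
 
+prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,ocp4
+
 title: 'Ensure LDAP client is not installed'
 
 description: |-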