Puppet Class: cis_security_hardening::rules::ldap_client

Defined in:
manifests/rules/ldap_client.pp

Summary

Ensure LDAP client is not installed

Overview

The Lightweight Directory Access Protocol (LDAP) was introduced as a replacement for NIS/YP. It is a service that provides a method for looking up information from a central database.

Rationale: If the system will not need to act as an LDAP client, it is recommended that the software be removed to reduce the potential attack surface.

Examples:

class { 'cis_security_hardening::rules::ldap_client':
  enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/ldap_client.pp', line 20

class cis_security_hardening::rules::ldap_client (
  Boolean $enforce = false,
) {
  if $enforce {
    $pkg = $facts['os']['name'].downcase() ? {
      'ubuntu' => 'ldap-utils',
      'debian' => 'ldap-utils',
      'sles'   => 'openldap2-clients',
      default  => 'openldap-clients',
    }

    $ensure = $facts['os']['family'].downcase() ? {
      'suse'  => 'absent',
      default => 'purged'
    }

    ensure_packages($pkg, {
        ensure => $ensure,
    })
  }
}
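As an added audit counterpart to the class above (example code, not part of the cis_security_hardening module), the following POSIX shell script reports whether the package this rule removes is still present on the local host. It assumes /etc/os-release supplies ID and ID_LIKE, and that dpkg-query or rpm is the package tool; the package name and ensure mappings mirror the selectors in the class, and the dpkg path also distinguishes a package that was removed but not purged, which is the difference between the purged and absent states the class selects.

```shell
#!/bin/sh
# Package name the rule targets, keyed on the lowercased os name (as in the class)
ldap_client_pkg() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    ubuntu|debian) echo ldap-utils ;;
    sles)          echo openldap2-clients ;;
    *)             echo openldap-clients ;;
  esac
}

# Desired state: the SUSE package provider has no purge step, so the class uses absent
ldap_client_ensure() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    suse) echo absent ;;
    *)    echo purged ;;
  esac
}

# Installation state of a package: installed, config-files (removed, not purged),
# absent, or unknown when neither dpkg nor rpm is available
ldap_client_state() {
  pkg="$1"
  if command -v dpkg-query >/dev/null 2>&1; then
    status=$(dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null)
    case "$status" in
      *' ok installed')    echo installed ;;
      *' ok config-files') echo config-files ;;
      *)                   echo absent ;;
    esac
  elif command -v rpm >/dev/null 2>&1; then
    if rpm -q "$pkg" >/dev/null 2>&1; then echo installed; else echo absent; fi
  else
    echo unknown
  fi
}

# Compare actual state with what the rule would enforce; exit 1 on a finding
audit_ldap_client() {
  . /etc/os-release                                  # assumption: provides ID, ID_LIKE
  pkg=$(ldap_client_pkg "$ID")
  case " $ID ${ID_LIKE:-} " in *suse*) family=suse ;; *) family=other ;; esac
  want=$(ldap_client_ensure "$family")
  state=$(ldap_client_state "$pkg")
  case "$want:$state" in
    purged:absent|absent:absent|absent:config-files)
      echo "PASS: $pkg is $state"; return 0 ;;
    *)
      echo "FAIL: $pkg is $state, rule would set ensure=$want"; return 1 ;;
  esac
}
```

Run `audit_ldap_client` on a host to see what the class would change before setting enforce => true; a result of config-files on Debian or Ubuntu means the binaries are gone but leftover configuration would still be purged.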