code/linux/audit/ldap-client.yaml

id: ldap-client

info:
  name: Ensure LDAP Client is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The ldap-utils package provides LDAP client utilities that allow systems to query and interact with LDAP directories.If not explicitly required, it should be removed to minimize the system’s attack surface and reduce security risks.
  remediation: |
    - Ensure the ldap-utils package is not installed unless explicitly required.
    - To remove the package, run: sudo apt-get remove ldap-utils -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu,ldap

self-contained: true

code:
  - engine:
      - bash

    args:
      - "-c"
      - |
        # Check if the ldap-utils package is installed
        if dpkg-query -W -f='${Status}' ldap-utils 2>/dev/null | grep -q "install ok installed"; then
          echo "[cis-ldap-client-check:Policy-Fail] [ldap-utils is installed] [CIS_FAIL]"
        else
          echo "[cis-ldap-client-check:Policy-Pass] [ldap-utils is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4b0a00483046022100ff8778e0ae1fc773a1a46f288bcfb1d5e232d50fe42361d05d96bca924ecae6e0221009d492ae0f7a531cea826f1e264d8b8418a9656c6f5fa3d0ce75fb7ff9ba9b54b:922c64590222798bb761d5b6d8e72950
-												file name, tags and Minor - changes

											
										
										
											2025-08-19 18:03:12 +05:30
+								id: ldap-client
-												Ubuntu Phase 3

more templates
											
										
										
											2025-06-18 23:58:37 -07:00
 								info:
 								  name: Ensure LDAP Client is Not Installed
 								  author: Th3l0newolf
-												file name, tags and Minor - changes

											
										
										
											2025-08-19 18:03:12 +05:30
+								  severity: info
-												Ubuntu Phase 3

more templates
											
										
										
											2025-06-18 23:58:37 -07:00
+								  description: |
-												file name, tags and Minor - changes

											
										
										
											2025-08-19 18:03:12 +05:30
+								    The ldap-utils package provides LDAP client utilities that allow systems to query and interact with LDAP directories.If not explicitly required, it should be removed to minimize the system’s attack surface and reduce security risks.
-												Ubuntu Phase 3

more templates
											
										
										
											2025-06-18 23:58:37 -07:00
+								  remediation: |
-												file name, tags and Minor - changes

											
										
										
											2025-08-19 18:03:12 +05:30
+								    - Ensure the ldap-utils package is not installed unless explicitly required.
 								    - To remove the package, run: sudo apt-get remove ldap-utils -y
-												Ubuntu Phase 3

more templates
											
										
										
											2025-06-18 23:58:37 -07:00
+								  reference:
 								    - https://www.cisecurity.org/benchmark/ubuntu_linux
 								  metadata:
 								    verified: true
-												Local tag - update

											
										
										
											2025-08-28 23:41:32 +05:30
+								  tags: cis,local,cisecurity,audit,linux,ubuntu,ldap
-												Ubuntu Phase 3

more templates
											
										
										
											2025-06-18 23:58:37 -07:00
 								self-contained: true
 								code:
 								  - engine:
 								      - bash
 								    args:
 								      - "-c"
 								      - |
 								        # Check if the ldap-utils package is installed
 								        if dpkg-query -W -f='${Status}' ldap-utils 2>/dev/null | grep -q "install ok installed"; then
-												file name, tags and Minor - changes

											
										
										
											2025-08-19 18:03:12 +05:30
+								          echo "[cis-ldap-client-check:Policy-Fail] [ldap-utils is installed] [CIS_FAIL]"
-												Ubuntu Phase 3

more templates
											
										
										
											2025-06-18 23:58:37 -07:00
+								        else
-												file name, tags and Minor - changes

											
										
										
											2025-08-19 18:03:12 +05:30
+								          echo "[cis-ldap-client-check:Policy-Pass] [ldap-utils is not installed] [CIS_PASS]"
-												Ubuntu Phase 3

more templates
											
										
										
											2025-06-18 23:58:37 -07:00
+								        fi
 								    matchers:
 								      - type: word
 								        name: policy-pass
 								        words:
 								          - "Policy-Pass"
 								      - type: word
 								        name: policy-fail
 								        words:
-												chore: sign templates 🤖

											
										
										
											2025-08-21 12:45:03 +00:00
+								          - "Policy-Fail"
-												chore: sign templates 🤖

											
										
										
											2025-08-29 10:06:03 +00:00
+								# digest: 4b0a00483046022100ff8778e0ae1fc773a1a46f288bcfb1d5e232d50fe42361d05d96bca924ecae6e0221009d492ae0f7a531cea826f1e264d8b8418a9656c6f5fa3d0ce75fb7ff9ba9b54b:922c64590222798bb761d5b6d8e72950