id: ldap-client

info:
  name: Ensure LDAP Client is Not Installed
  author: Th3l0newolf
  severity: info
  description: |
    The ldap-utils package provides LDAP client utilities that allow systems to query and interact with LDAP directories.If not explicitly required, it should be removed to minimize the system’s attack surface and reduce security risks.
  remediation: |
    - Ensure the ldap-utils package is not installed unless explicitly required.
    - To remove the package, run: sudo apt-get remove ldap-utils -y
  reference:
    - https://www.cisecurity.org/benchmark/ubuntu_linux
  metadata:
    verified: true
  tags: cis,local,cisecurity,audit,linux,ubuntu,ldap

self-contained: true

code:
  - engine:
      - bash

    args:
      - "-c"
      - |
        # Check if the ldap-utils package is installed
        if dpkg-query -W -f='${Status}' ldap-utils 2>/dev/null | grep -q "install ok installed"; then
          echo "[cis-ldap-client-check:Policy-Fail] [ldap-utils is installed] [CIS_FAIL]"
        else
          echo "[cis-ldap-client-check:Policy-Pass] [ldap-utils is not installed] [CIS_PASS]"
        fi

    matchers:
      - type: word
        name: policy-pass
        words:
          - "Policy-Pass"

      - type: word
        name: policy-fail
        words:
          - "Policy-Fail"
# digest: 4b0a00483046022100ff8778e0ae1fc773a1a46f288bcfb1d5e232d50fe42361d05d96bca924ecae6e0221009d492ae0f7a531cea826f1e264d8b8418a9656c6f5fa3d0ce75fb7ff9ba9b54b:922c64590222798bb761d5b6d8e72950