{"description": "The <tt>krb5-server</tt> package should be removed if not in use.\nIs this system the Kerberos server? If not, remove the package.\nThe <code>krb5-server</code> package can be removed with the following command:\n<pre>\n$ apt-get remove krb5-server</pre>\nThe krb5-server RPM is not installed by default on a Ubuntu 22.04\nsystem. It is needed only by the Kerberos servers, not by the\nclients which use Kerberos for authentication. If the system is not\nintended for use as a Kerberos Server it should be removed.", "rationale": "Unnecessary packages should not be installed to decrease the attack\nsurface of the system.  While this software is clearly essential on an KDC\nserver, it is not necessary on typical desktop or workstation systems.", "severity": "medium", "references": {"nist": ["IA-7", "IA-7.1"], "srg": ["SRG-OS-000120-GPOS-00061"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the package is installed", "ocil": " Run the following command to determine if the <code>krb5-server</code> package is installed: <pre>$ dpkg -l  krb5-server</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": ["krb5_server_older_than_1_17-18"], "sce_metadata": {}, "inherited_platforms": ["system_with_kernel"], "cpe_platform_names": ["krb5_server_older_than_1_17-18"], "inherited_cpe_platform_names": ["system_with_kernel"], "bash_conditional": null, "fixes": {}, "title": "Remove the Kerberos Server Package", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml", "template": {"name": "package_removed", "vars": {"pkgname": "krb5-server"}, "backends": {}}}