Bug 1291516
Summary: | USGCB STIG for RHEL 7 mentions obsolete "PROMPT=no" option in /etc/sysconfig/init | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Karl Hastings <kasmith> |
Component: | scap-security-guide | Assignee: | Jan Lieskovsky <jlieskov> |
Status: | CLOSED ERRATA | QA Contact: | Marek Haicman <mhaicman> |
Severity: | unspecified | Priority: | unspecified |
Version: | 7.2 | CC: | cww, mhaicman, openscap-maint |
Target Milestone: | rc | Bug Blocks: | 1203710 |
Hardware: | Unspecified | OS: | Unspecified |
Fixed In Version: | scap-security-guide-0.1.30-1.el7 | Doc Type: | Bug Fix |
Last Closed: | 2016-11-04 07:33:03 UTC | Type: | Bug |
Description
Karl Hastings
2015-12-15 03:01:57 UTC
To my understanding this has been fixed in upstream. Granting dev_ack+.

https://github.com/OpenSCAP/scap-security-guide/pull/852

Šimon,

Unless I'm missing something, (And I could very well be) I don't see the changes merged for RHEL7:

https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_interactive_boot.xml
https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/xccdf/system/accounts/physical.xml

RHEL7/systemd does not follow the PROMPT=no option in /etc/sysconfig/init, so that test should be removed.

RHEL7/systemd uses systemd.confirm_spawn=1 on the kernel command line to do an interactive boot, that test needs to be added.

Ah, you are right, Karl. Thank You!

Proposed upstream patch:
* https://github.com/OpenSCAP/scap-security-guide/pull/1282

Version scap-security-guide-0.1.30-1.el7 contains the fix. PROMPT=no is no longer suggested and checked, and instead systemd.confirm_spawn is checked.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2483.html
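Added example, not part of the bug report and not scap-security-guide code: a host can satisfy the obsolete PROMPT=no check while systemd.confirm_spawn on the kernel command line still turns interactive boot on, which is the gap this bug describes. The function names are hypothetical, the sample inputs are constructed, and the accepted boolean spellings and "last valid occurrence wins" behaviour are assumptions about systemd's parsing.

```shell
#!/bin/sh
# Added example, not SCAP Security Guide code. Sample inputs are constructed.

# Old-style check: print the PROMPT= value from an /etc/sysconfig/init
# style file ($1), or "unset". systemd on RHEL 7 does not honour it.
legacy_prompt_value() {
    value=$(sed -n 's/^[[:space:]]*PROMPT=//p' "$1" | tail -n 1)
    printf '%s\n' "${value:-unset}"
}

# New-style check: print "enabled" or "disabled" for the kernel command
# line string in $1. Assumptions: the last valid occurrence wins, and the
# boolean spellings below are the ones accepted (case-insensitive).
confirm_spawn_state() {
    state=disabled
    set -f                      # no globbing while splitting the string
    for word in $1; do
        case $word in
            systemd.confirm_spawn=*)
                v=$(printf '%s' "${word#*=}" | tr '[:upper:]' '[:lower:]')
                case $v in
                    1|yes|y|true|t|on)   state=enabled ;;
                    0|no|n|false|f|off)  state=disabled ;;
                esac ;;
        esac
    done
    set +f
    printf '%s\n' "$state"
}

# Return 0 when interactive boot is off, 1 when it is on.
# $1 = kernel command line, $2 = sysconfig init file.
audit_interactive_boot() {
    echo "PROMPT in $2: $(legacy_prompt_value "$2") (ignored by systemd)"
    if [ "$(confirm_spawn_state "$1")" = enabled ]; then
        echo "FAIL: systemd.confirm_spawn enables interactive boot"
        return 1
    fi
    echo "PASS: systemd.confirm_spawn does not enable interactive boot"
}

# Constructed host: passes the obsolete PROMPT=no check, yet boots interactively.
demo_init=$(mktemp)
printf 'BOOTUP=color\nPROMPT=no\n' > "$demo_init"
audit_interactive_boot "ro quiet systemd.confirm_spawn=1" "$demo_init" || true
rm -f "$demo_init"
```

On a live system the first argument would come from /proc/cmdline or the GRUB_CMDLINE_LINUX value in /etc/default/grub.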