Bug 1791583 - [DOC] C2S security profile - services are now masked instead of disabled
Summary: [DOC] C2S security profile - services are now masked instead of disabled
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 7.9
Assignee: Watson Yuuma Sato
QA Contact: Marek Haicman
Mirek Jahoda
Depends On:
TreeView+ depends on / blocked
Reported: 2020-01-16 08:17 UTC by Steffen Froemer
Modified: 2023-03-24 16:44 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
.`SCAP Security Guide` now correctly disables services With this update, the `SCAP Security Guide` (SSG) profiles correctly disable and mask services that should not be started. This guarantees that disabled services are not inadvertently started as a dependency of another service. Before this change, the SSG profiles such as the U.S. Government Commercial Cloud Services (C2S) profile only disabled the service. As a result, services disabled by an SSG profile cannot be started unless you unmask them first.
Clone Of:
Last Closed: 2020-09-29 19:52:42 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 4736311 0 None None None 2020-01-16 08:17:07 UTC
Red Hat Product Errata RHBA-2020:3909 0 None None None 2020-09-29 19:53:00 UTC

Description Steffen Froemer 2020-01-16 08:17:07 UTC
Description of problem:
The behavior of disabling services changed between RHEL-7.7 and RHEL-7.8. This should be mentioned somewhere (e.g. release notes)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install RHEL-7.8 beta with chosing C2S security profile directly inside anaconda (including nfs-utils, e.g.)
2. start nfs-server afterwards

Actual results:
Service can't be started

Expected results:
The requirement to unmask the services before possible to start should be notes in release notes, that this behavior changed. In C2S-profile of RHEL-7.7 the services were only disabled.

Additional info:

Comment 11 errata-xmlrpc 2020-09-29 19:52:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.