1791583 – [DOC] C2S security profile - services are now masked instead of disabled

Bug 1791583 - [DOC] C2S security profile - services are now masked instead of disabled

Summary: [DOC] C2S security profile - services are now masked instead of disabled

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	7.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	7.9
Assignee:	Watson Yuuma Sato
QA Contact:	Marek Haicman
Docs Contact:	Mirek Jahoda
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-01-16 08:17 UTC by Steffen Froemer
Modified:	2023-03-24 16:44 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	.`SCAP Security Guide` now correctly disables services With this update, the `SCAP Security Guide` (SSG) profiles correctly disable and mask services that should not be started. This guarantees that disabled services are not inadvertently started as a dependency of another service. Before this change, the SSG profiles such as the U.S. Government Commercial Cloud Services (C2S) profile only disabled the service. As a result, services disabled by an SSG profile cannot be started unless you unmask them first.
Clone Of:
Environment:
Last Closed:	2020-09-29 19:52:42 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	4736311	0	None	None	None	2020-01-16 08:17:07 UTC
Red Hat Product Errata	RHBA-2020:3909	0	None	None	None	2020-09-29 19:53:00 UTC

Description Steffen Froemer 2020-01-16 08:17:07 UTC

Description of problem:
The behavior of disabling services changed between RHEL-7.7 and RHEL-7.8. This should be mentioned somewhere (e.g. release notes)

Version-Release number of selected component (if applicable):
latest 

How reproducible:
always

Steps to Reproduce:
1. Install RHEL-7.8 beta with chosing C2S security profile directly inside anaconda (including nfs-utils, e.g.)
2. start nfs-server afterwards
3. 

Actual results:
Service can't be started

Expected results:
The requirement to unmask the services before possible to start should be notes in release notes, that this behavior changed. In C2S-profile of RHEL-7.7 the services were only disabled.

Additional info:

Comment 11 errata-xmlrpc 2020-09-29 19:52:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3909

Note You need to log in before you can comment on or make changes to this bug.