Is your computer receiving updates that I'm not? (This is a serious question, because I have never gotten any updates for the RHEL 7 beta.) Please note that the version number is completely different on my system:

[root@cetus ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Everything release 7.0 Beta (Maipo)
[root@cetus ~]# yum info libcgroup-tools
Loaded plugins: langpacks, product-id, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
Installed Packages
Name        : libcgroup-tools
Arch        : x86_64
Version     : 0.40
Release     : 0.rc1.3.el7
Size        : 221 k
Repo        : installed
From repo   : rhel-7-public-beta-rpms
Summary : Command-line utility programs, services and daemons for libcgroup
URL         : http://libcg.sourceforge.net/
License     : LGPLv2+
Description : This package contains command-line programs, services and a daemon for
            : manipulating control groups using the libcgroup library.


- Maura Dailey

On 04/01/2014 12:29 PM, Jan Lieskovsky wrote:
Hello Maura,

----- Original Message -----
From: "Maura Dailey" <[email protected]>
Subject: [PATCH] Service cgred (service name for binary cgrulesengd) is gone in RHEL 7.

I noticed that cgred.service was not present in libcgroup-tools in the RHEL 7
beta. cgred.service is the service file that controls the daemon
cgrulesengd.

#  rpm -q --changelog libcgroup-tools
* Mon Nov 04 2013 Peter Schiffer <[email protected]> 0.40-0.rc1.3
- related: #819568
   fixed some coverity findings

* Fri Nov 01 2013 Peter Schiffer <[email protected]> 0.40-0.rc1.2
- related: #1016810
   returned creation of cgred group, which was removed in previous commit by
   mistage

* Fri Nov 01 2013 Peter Schiffer <[email protected]> 0.40-0.rc1.1
- resolves: #819568, #740113
   rebased to 0.40.rc1
- resolves: #983264
   rebuilt with full relro and PIE
- resolves: #1016810
   removed cgrulesengd daemon
...

Please note that in the last line displayed here, cgrulesengd is listed as
having been removed.
I would assume that removal of cgrulesengd daemon above would correspond to
removal of particular SysV init script from the libcgroup-tools package, and
replacing it with the systemd unit instead (as part of moving from SysV init
scripts to systemd managed services scenario).

This can be verified as follows:

[root@localhost ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Workstation release 7.0 Beta (Maipo)
[root@localhost ~]# rpm -q libcgroup-tools
libcgroup-tools-0.41-6.el7.x86_64
[root@localhost ~]# rpm -ql libcgroup-tools | grep cgred
/etc/sysconfig/cgred
/usr/lib/systemd/system/cgred.service
/usr/share/man/man5/cgred.conf.5.gz
[root@localhost ~]# systemctl is-enabled cgred
disabled
[root@localhost ~]# chkconfig --level 0123456 cgred off
Note: Forwarding request to 'systemctl disable cgred.service'.

That note suggests what the chkconfig command would actually be translated
into on RHEL-7.

So I would say the cgred service XCCDF rule is still worthy to be kept,
just the fix should be rewritten into systemd syntax / commands, rather
than rely on chkconfig translation.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

RHEL Bugzilla reference here (I can't read the actual bug from the changelog,
but there's a link to it on this page):
https://bugzilla.redhat.com/show_bug.cgi?id=1034248

- Maura Dailey


Signed-off-by: Maura Dailey <[email protected]>
---
  RHEL/7/input/fixes/bash/service_cgred_disabled.sh |    9 ---------
  RHEL/7/input/services/base.xml                    |   15 ---------------
  2 files changed, 0 insertions(+), 24 deletions(-)
  delete mode 100644 RHEL/7/input/fixes/bash/service_cgred_disabled.sh

diff --git a/RHEL/7/input/fixes/bash/service_cgred_disabled.sh
b/RHEL/7/input/fixes/bash/service_cgred_disabled.sh
deleted file mode 100644
index e4d7301..0000000
--- a/RHEL/7/input/fixes/bash/service_cgred_disabled.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# Disable cgred for all run levels
-#
-chkconfig --level 0123456 cgred off
-
-#
-# Stop cgred if currently running
-#
-service cgred stop
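Review bot: Deleting this fix outright loses the remediation, although the two commands it ends with, `chkconfig --level 0123456 cgred off` and `service cgred stop`, have direct systemd equivalents (`systemctl disable cgred.service` and `systemctl stop cgred.service`) that could replace them in place. The commit message bases the removal on cgred.service being absent from the beta's libcgroup-tools, so a rewritten fix should also tolerate a system where the unit is not installed.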
diff --git a/RHEL/7/input/services/base.xml b/RHEL/7/input/services/base.xml
index 4f2c05a..5c0941c 100644
--- a/RHEL/7/input/services/base.xml
+++ b/RHEL/7/input/services/base.xml
@@ -75,21 +75,6 @@ service is not necessary.
  <ref nist="CM-7" />
  </Rule>
-<Rule id="service_cgred_disabled">
-<title>Disable Control Group Rules Engine (cgred)</title>
-<description>The <tt>cgred</tt> service moves tasks into control groups
according to
-parameters set in the <tt>/etc/cgrules.conf</tt> configuration file.
-<service-disable-macro service="cgred" />
-</description>
-<ocil><service-disable-check-macro service="cgred" /></ocil>
-<rationale>Unless control groups are used to manage system resources,
running the cgred service
-service is not necessary.
-</rationale>
-<ident cce="RHEL7-CCE-TBD" />
-<oval id="service_cgred_disabled" />
-<ref nist="CM-7" />
-</Rule>
-
  <Rule id="service_cpuspeed_disabled">
  <title>Disable CPU Speed (cpuspeed)</title>
  <description>The <tt>cpuspeed</tt> service can adjust the clock speed of
  supported CPUs based upon
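Review bot: Removing the whole `service_cgred_disabled` Rule also drops its `<ref nist="CM-7" />` mapping and its `<oval id="service_cgred_disabled" />` reference, while the diffstat lists only the fix script and base.xml, so any OVAL definition with that id would be left orphaned; either remove it in the same patch or keep the Rule. Separately, the removed `<description>` and `<rationale>` lines are wrapped mid-line ("according to" and "running the cgred service" appear without a leading `-`), so the hunk will not apply as sent and should be resent with line wrapping disabled.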
--
1.7.1

_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
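
The systemd-native form of the removed fix that Jan's reply asks for, as an added example that is not part of the original thread or of scap-security-guide. It treats a missing unit (as with the 0.40-0.rc1.3 package above) as already compliant; the `SYSTEMCTL` override and the function names are assumptions of this example.

```bash
#!/bin/bash
# Added example: disable and stop cgred with systemctl directly instead of
# relying on chkconfig's forwarding. SYSTEMCTL is an override assumed by this
# example so the logic can be exercised against a stub.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
UNIT="cgred.service"

# Print the unit-file state ("enabled", "disabled", ...) or "absent" when the
# unit is not installed (empty output, or "not-found" where systemctl
# reports a missing unit that way).
cgred_state() {
    unit_state=$("$SYSTEMCTL" is-enabled "$UNIT" 2>/dev/null) || true
    case "$unit_state" in
        ""|not-found) echo "absent" ;;
        *)            echo "$unit_state" ;;
    esac
}

# Disable the unit for future boots, stop it if it is running now, then
# re-check both conditions. Returns 0 only when the end state is compliant.
remediate_cgred() {
    if [ "$(cgred_state)" = "absent" ]; then
        echo "$UNIT is not installed; nothing to disable"
        return 0
    fi
    "$SYSTEMCTL" disable "$UNIT" || return 1
    if "$SYSTEMCTL" is-active --quiet "$UNIT"; then
        "$SYSTEMCTL" stop "$UNIT" || return 1
    fi
    [ "$(cgred_state)" != "enabled" ] || return 1
    ! "$SYSTEMCTL" is-active --quiet "$UNIT"
}

# Apply only when asked to, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    remediate_cgred
fi
```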

