Hello Maura,
----- Original Message -----
From: "Maura Dailey" <maura(a)eclipse.ncsc.mil>
Sent: Tuesday, April 1, 2014 6:35:20 PM
Is your computer receiving updates that I'm not? (This is a serious
question, because I have never gotten any updates for the RHEL 7 beta.)
Yes, it's subscribed to "Red Hat Enterprise Linux 7 Workstation High Touch
Beta"
via the Red Hat employee subscription performed via subscription-manager since looks
there's / will be no support for RHN Classic method:
https://access.redhat.com/site/solutions/549343
The related documents on the topic:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Subscription_M...
https://access.redhat.com/site/documentation/en-US/Red_Hat_Subscription_M...
https://access.redhat.com/site/articles/143253
https://access.redhat.com/site/solutions/535473
https://access.redhat.com/site/solutions/11025
https://access.redhat.com/site/solutions/550423
https://access.redhat.com/site/solutions/534743
So check your RHN account / subscription details.
HTH.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Please note that the version number is completely different on my
system:
[root@cetus ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Everything release 7.0 Beta (Maipo)
[root@cetus ~]# yum info libcgroup-tools
Loaded plugins: langpacks, product-id, subscription-manager
This system is receiving updates from Red Hat Subscription Management.
Installed Packages
Name : libcgroup-tools
Arch : x86_64
Version : 0.40
Release : 0.rc1.3.el7
Size : 221 k
Repo : installed
From repo : rhel-7-public-beta-rpms
Summary : Command-line utility programs, services and daemons for
libcgroup
URL :
http://libcg.sourceforge.net/
License : LGPLv2+
Description : This package contains command-line programs, services and
a daemon for
: manipulating control groups using the libcgroup library.
- Maura Dailey
On 04/01/2014 12:29 PM, Jan Lieskovsky wrote:
> Hello Maura,
>
> ----- Original Message -----
>> From: "Maura Dailey" <maura(a)eclipse.ncsc.mil>
>> Subject: [PATCH] Service cgred (service name for binary cgrulesengd) is
>> gone in RHEL 7.
>>
>> I noticed that cgred.service was not present in libcgroup-tools in the
>> RHEL 7
>> beta. cgred.service is the service file that controls the daemon
>> cgrulesengd.
>>
>> # rpm -q --changelog libcgroup-tools
>> * Mon Nov 04 2013 Peter Schiffer <pschiffe(a)redhat.com> 0.40-0.rc1.3
>> - related: #819568
>> fixed some coverity findings
>>
>> * Fri Nov 01 2013 Peter Schiffer <pschiffe(a)redhat.com> 0.40-0.rc1.2
>> - related: #1016810
>> returned creation of cgred group, which was removed in previous commit
>> by
>> mistage
>>
>> * Fri Nov 01 2013 Peter Schiffer <pschiffe(a)redhat.com> 0.40-0.rc1.1
>> - resolves: #819568, #740113
>> rebased to 0.40.rc1
>> - resolves: #983264
>> rebuilt with full relro and PIE
>> - resolves: #1016810
>> removed cgrulesengd daemon
>> ...
>>
>> Please note that in the last line displayed here, cgrulesengd is listed as
>> having been removed.
> I would assume that removal of cgrulesengd daemon above would correspond to
> removal
> of particular SysV init script from the libcgroup-tools package, and
> replacing it
> with the systemd unit instead (as part of moving from SysV init scripts to
> systemd managed
> services scenario).
>
> This can be verified as follows:
>
> [root@localhost ~]# cat /etc/redhat-release
> Red Hat Enterprise Linux Workstation release 7.0 Beta (Maipo)
> [root@localhost ~]# rpm -q libcgroup-tools
> libcgroup-tools-0.41-6.el7.x86_64
> [root@localhost ~]# rpm -ql libcgroup-tools | grep cgred
> /etc/sysconfig/cgred
> /usr/lib/systemd/system/cgred.service
> /usr/share/man/man5/cgred.conf.5.gz
> [root@localhost ~]# systemctl is-enabled cgred
> disabled
> [root@localhost ~]# chkconfig --level 0123456 cgred off
> Note: Forwarding request to 'systemctl disable cgred.service'.
>
> That note suggest what the chkconfig command would be actually translated
> into on RHEL-7.
>
> So I would say the cgred service XCCDF rule is still worthy to be kept,
> just the fix should be rewritten into systemd syntax / commands, rather
> to rely on chkconfig translation.
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
>> RHEL Bugzilla reference here (I can't read the actual bug from the
>> changelog,
>> but there's a link to it on this page):
>>
https://bugzilla.redhat.com/show_bug.cgi?id=1034248
>>
>> - Maura Dailey
>>
>>
>> Signed-off-by: Maura Dailey <maura(a)eclipse.ncsc.mil>
>> ---
>> RHEL/7/input/fixes/bash/service_cgred_disabled.sh | 9 ---------
>> RHEL/7/input/services/base.xml | 15 ---------------
>> 2 files changed, 0 insertions(+), 24 deletions(-)
>> delete mode 100644 RHEL/7/input/fixes/bash/service_cgred_disabled.sh
>>
>> diff --git a/RHEL/7/input/fixes/bash/service_cgred_disabled.sh
>> b/RHEL/7/input/fixes/bash/service_cgred_disabled.sh
>> deleted file mode 100644
>> index e4d7301..0000000
>> --- a/RHEL/7/input/fixes/bash/service_cgred_disabled.sh
>> +++ /dev/null
>> @@ -1,9 +0,0 @@
>> -#
>> -# Disable cgred for all run levels
>> -#
>> -chkconfig --level 0123456 cgred off
>> -
>> -#
>> -# Stop cgred if currently running
>> -#
>> -service cgred stop
>> diff --git a/RHEL/7/input/services/base.xml
>> b/RHEL/7/input/services/base.xml
>> index 4f2c05a..5c0941c 100644
>> --- a/RHEL/7/input/services/base.xml
>> +++ b/RHEL/7/input/services/base.xml
>> @@ -75,21 +75,6 @@ service is not necessary.
>> <ref nist="CM-7" />
>> </Rule>
>>
>> -<Rule id="service_cgred_disabled">
>> -<title>Disable Control Group Rules Engine (cgred)</title>
>> -<description>The <tt>cgred</tt> service moves tasks into
control groups
>> according to
>> -parameters set in the <tt>/etc/cgrules.conf</tt> configuration
file.
>> -<service-disable-macro service="cgred" />
>> -</description>
>> -<ocil><service-disable-check-macro service="cgred"
/></ocil>
>> -<rationale>Unless control groups are used to manage system resources,
>> running the cgred service
>> -service is not necessary.
>> -</rationale>
>> -<ident cce="RHEL7-CCE-TBD" />
>> -<oval id="service_cgred_disabled" />
>> -<ref nist="CM-7" />
>> -</Rule>
>> -
>> <Rule id="service_cpuspeed_disabled">
>> <title>Disable CPU Speed (cpuspeed)</title>
>> <description>The <tt>cpuspeed</tt> service can adjust the
clock speed of
>> supported CPUs based upon
>> --
>> 1.7.1
>>
>> _______________________________________________
>> scap-security-guide mailing list
>> scap-security-guide(a)lists.fedorahosted.org
>>
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide