Disable the netconsole service (if present)
This patch checks for the netconsole service on a host and disables the service, if the service is installed. The service will be stopped immediately if it is found to be running. Documentation and release notes are included.

Closes-bug: 1584194
Change-Id: If779af67c2a66e7b56d170f1f12744aef75ff27b
		| @@ -156,6 +156,7 @@ security_disable_atd: yes                         # V-38640 | ||||
| security_disable_autofs: yes                      # V-38437 | ||||
| security_disable_avahi: yes                       # V-31618 | ||||
| security_disable_bluetooth: yes                   # V-38691 | ||||
| security_disable_netconsole: yes                  # v-38672 | ||||
| security_disable_qpidd: yes                       # V-38648 | ||||
| security_disable_rsh: yes                         # V-38594 | ||||
| security_disable_ypbind: yes                      # V-38604 | ||||
|   | ||||
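Review bot: The STIG ID in the comment on the new security_disable_netconsole line is written in lower case as "v-38672", while every neighbouring entry uses an upper-case "V-" prefix. Change it to "# V-38672" so that a case-sensitive search for the ID finds this default together with the task name and its tag.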
| @@ -1,2 +1,10 @@ | ||||
| Ubuntu doesn't provide the netconsole package and the daemon isn't included | ||||
| in any other Ubuntu packages. Therefore, no action is required for this STIG. | ||||
| in any other Ubuntu packages. | ||||
|  | ||||
| In CentOS, the ``netconsole`` daemon will be stopped and disabled if it is | ||||
| found to be installed. Deployers can opt-out of this change by setting the | ||||
| following Ansible variable: | ||||
|  | ||||
| .. code-block:: yaml | ||||
|  | ||||
|     security_disable_netconsole: no | ||||
|   | ||||
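Review bot: With "Therefore, no action is required for this STIG." dropped from the first paragraph, the text no longer says what the role does on Ubuntu; it only states that the package is absent. Consider closing that paragraph with an explicit statement that no change is made on Ubuntu, so the Ubuntu and CentOS outcomes read in parallel.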
| @@ -0,0 +1,7 @@ | ||||
| fixes: | ||||
|   - | | ||||
|     An Ansible task was added to disable the ``netconsole`` service on CentOS | ||||
|     systems if the service is installed on the system. | ||||
|  | ||||
|     Deployers can opt-out of this change by setting | ||||
|     ``security_disable_netconsole`` to ``no``. | ||||
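Review bot: The first paragraph of the note says the task will "disable" the service, but the task sets "state: stopped" as well as "enabled: no", so a running netconsole is stopped on the next run. Say "stop and disable" here, as the documentation hunk does, so deployers who rely on netconsole know to set security_disable_netconsole to "no" before applying the role.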
| @@ -261,6 +261,19 @@ | ||||
|     - cat2 | ||||
|     - V-38671 | ||||
|  | ||||
| - name: V-38672 - netconsole must be disabled | ||||
|   service: | ||||
|     name: netconsole | ||||
|     state: stopped | ||||
|     enabled: no | ||||
|   when: | ||||
|     - security_disable_netconsole | bool | ||||
|     - "'netconsole' in services_installed.stdout" | ||||
|   tags: | ||||
|     - services | ||||
|     - cat3 | ||||
|     - V-38672 | ||||
|  | ||||
| - name: V-38676 - The X windows package must not be installed (apt) | ||||
|   apt: | ||||
|     name: "{{ xserver_pkg }}" | ||||
|   | ||||
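Review bot: The second "when" condition, "'netconsole' in services_installed.stdout", is a substring test on raw command output, so it is true for any installed service whose name merely contains "netconsole", and it relies on services_installed having been registered earlier, which this hunk does not show. Consider testing for an exact service name (for example against a list of names) and confirming that the task registering services_installed runs on every host that reaches this task.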
	 Major Hayden