Comments (4)
iankko
commented on May 22, 2024
The requirement specified by this OVAL check does not apply for RHEL-7 (neither for Server, Workstation, or Client) since there isn't corresponding rds.ko kernel object which could be potentially loaded.
Can be verified by running e.g the command:
rpm -ql kernel | grep rds | wc -l
0
Also attempt to load rds.ko via modprobe results into:
[root@localhost ~]# uname -a
Linux localhost.localdomain 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost ~]# modprobe rds
modprobe: FATAL: Module rds not found.
[root@localhost ~]# echo $?
1
[root@localhost ~]#
In my opinion, there isn't a point to implement an XCCDF / OVAL rule for system feature that can't actually happen. The only way it could happen the underlying system would have the rds.ko kernel object built is, they would install kernel-headers package & run make menuconfig for the kernel package & build a custom kernel. But this would be unsupported configuration (AFAICT), therefore in my opinion this rule can be unselected / deleted from the RHEL-7 CCP profile expectations.
from content.
iankko
commented on May 22, 2024
Yet, this note to be more complete, the rds module its not loaded by default:
lsmod | grep rds | wc -l
return zero. And can't be unloaded via rmmod:
rmmod rds
rmmod: ERROR: Module rds is not currently loaded.
For what is worthy if its not built-in, when retrieving the effective configuration from the config directory via "modprobe -c" command, "rds" module isn't listed there (neither directly, nor in the aliases).
So in my opinion, this rule doesn't need to be ported to RHEL-7.
from content.
iankko
commented on May 22, 2024
And yet one observation / difference (with kernel-devel package installed on the particular RHEL-6 / RHEL-7 system)
On RHEL-6 system:
cat /usr/src/kernels/2.6.32-431.29.2.el6.i686/.config | grep CONFIG_RDS
CONFIG_RDS=m
CONFIG_RDS_RDMA=m
CONFIG_RDS_TCP=m
CONFIG_RDS_DEBUG is not set
While on RHEL-7 system:
cat /usr/src/kernels/3.10.0-123.6.3.el7.x86_64/.config | grep CONFIG_RDS
CONFIG_RDS is not set
So it's neither built-in, nor compiled as module / kernel object.
from content.
shawndwells
commented on May 22, 2024
@iankko thanks for hunting this down. many of these are just direct imports without any examination to see if they should be imported into RHEL7 content. So many we may end up just dropping.
Resolving this ticket -- no need to import into RHEL7.
from content.
Related Issues (20)
- Issue on check on firewall rules (Ubuntu 22-04 + UFW) HOT 5
- You can't use `sed -i` on /etc/sysctl.d/*.conf HOT 1
- Assertion failure with Debian Bookworm
- CIS 5.5.2 Ensure system accounts are secured HOT 5
- "<" operator in jq filter fails the build HOT 4
- RHEL 8/9 - Unexpected active sessions stop by systemd-logind
- sudo is broken in testing environment with ANSSI High HOT 1
- Possibly add ensure_gpgcheck_local_packages ds_unselect for ANSSI HOT 2
- CIS 1.3.1 Ensure AIDE is installed HOT 4
- CIS 4.1.3.14 Ensure events that modify the system's Mandatory Access Controls are collected
- mount_option_boot_nosuid fails to remediate with Ansible HOT 6
- chronyd_or_ntpd_set_maxpoll is not remediated by Ansible HOT 2
- firewalld_sshd_port_enabled fails to remediate on aarch64 HOT 5
- accounts_umask_etc_bashrc is misaligned with RHEL 9 STIG HOT 4
- `audit_rules_networkconfig_modification_network_scripts` is broken in Automatus
- zipl_bootmap_is_up_to_date is failing after Ansible remediation HOT 2
- test scenarios for firewalld_sshd_port_enabled are failing on RHEL 8.6 HOT 3
- test scenario for service_bluetooth_disabled is not causing expected fail HOT 2
- Should files in /tmp be checked for permissions when using tmpfs?
- OpenSCAP Ubuntu 20.04 STIG Profile Issue with Banner Test HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from content.