|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
|
|
|
38a2c0 |
index 5b3afb324df..67d6836e873 100644
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
|
|
|
38a2c0 |
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
|
|
|
38a2c0 |
@@ -14,12 +14,3 @@
|
|
|
38a2c0 |
- xorg-x11-server-Xwayland
|
|
|
38a2c0 |
{{% endif %}}
|
|
|
38a2c0 |
state: absent
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-- name: Switch to multi-user runlevel
|
|
|
38a2c0 |
- file:
|
|
|
38a2c0 |
- src: /usr/lib/systemd/system/multi-user.target
|
|
|
38a2c0 |
- dest: /etc/systemd/system/default.target
|
|
|
38a2c0 |
- state: link
|
|
|
38a2c0 |
- force: yes
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh
|
|
|
38a2c0 |
index dbabe572d2a..496dc74be7c 100644
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh
|
|
|
38a2c0 |
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh
|
|
|
38a2c0 |
@@ -12,6 +12,3 @@
|
|
|
38a2c0 |
{{% if product not in ["rhel7", "ol7"] %}}
|
|
|
38a2c0 |
{{{ bash_package_remove("xorg-x11-server-Xwayland") }}}
|
|
|
38a2c0 |
{{% endif %}}
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-# configure run level
|
|
|
38a2c0 |
-systemctl set-default multi-user.target
|
|
|
38a2c0 |
\ No newline at end of file
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/oval/shared.xml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/oval/shared.xml
|
|
|
38a2c0 |
index 0710efe9f1b..0868ec6eae7 100644
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/oval/shared.xml
|
|
|
38a2c0 |
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/oval/shared.xml
|
|
|
38a2c0 |
@@ -2,10 +2,6 @@
|
|
|
38a2c0 |
<definition class="compliance" id="xwindows_remove_packages" version="1">
|
|
|
38a2c0 |
{{{ oval_metadata("Ensure that the default runlevel target is set to multi-user.target.") }}}
|
|
|
38a2c0 |
<criteria>
|
|
|
38a2c0 |
- {{%- if init_system == "systemd" and target_oval_version != [5, 10] %}}
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
- definition_ref="xwindows_runlevel_target" />
|
|
|
38a2c0 |
- {{%- endif %}}
|
|
|
38a2c0 |
|
|
|
38a2c0 |
test_ref="package_xorg-x11-server-Xorg_removed" />
|
|
|
38a2c0 |
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
|
|
|
38a2c0 |
index 10e51577a12..6ceb07bd574 100644
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
|
|
|
38a2c0 |
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
|
|
|
38a2c0 |
@@ -19,14 +19,6 @@ description: |-
|
|
|
38a2c0 |
{{% else %}}
|
|
|
38a2c0 |
sudo {{{ pkg_manager }}} remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland
|
|
|
38a2c0 |
{{% endif %}}
|
|
|
38a2c0 |
- Additionally, setting the system's default target to
|
|
|
38a2c0 |
- <tt>multi-user.target</tt> will prevent automatic startup of the X server.
|
|
|
38a2c0 |
- To do so, run:
|
|
|
38a2c0 |
- $ systemctl set-default multi-user.target
|
|
|
38a2c0 |
- You should see the following output:
|
|
|
38a2c0 |
- Removed symlink /etc/systemd/system/default.target.
|
|
|
38a2c0 |
- Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target.
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
|
|
|
38a2c0 |
rationale: |-
|
|
|
38a2c0 |
Unnecessary service packages must not be installed to decrease the attack surface of the system. X windows has a long history of security
|
|
|
38a2c0 |
@@ -72,6 +64,8 @@ warnings:
|
|
|
38a2c0 |
The installation and use of a Graphical User Interface (GUI) increases your attack vector and decreases your
|
|
|
38a2c0 |
overall security posture. Removing the package xorg-x11-server-common package will remove the graphical target
|
|
|
38a2c0 |
which might bring your system to an inconsistent state requiring additional configuration to access the system
|
|
|
38a2c0 |
- again. If a GUI is an operational requirement, a tailored profile that removes this rule should used before
|
|
|
38a2c0 |
+ again.
|
|
|
38a2c0 |
+ The rule <tt>xwindows_runlevel_target</tt> can be used to configure the system to boot into the multi-user.target.
|
|
|
38a2c0 |
+ If a GUI is an operational requirement, a tailored profile that removes this rule should be used before
|
|
|
38a2c0 |
continuing installation.
|
|
|
38a2c0 |
{{{ ovirt_rule_notapplicable_warning("X11 graphic libraries are dependency of OpenStack Cinderlib storage provider") | indent(4) }}}
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target.pass.sh
|
|
|
38a2c0 |
deleted file mode 100644
|
|
|
38a2c0 |
index 9bf62a42d28..00000000000
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target.pass.sh
|
|
|
38a2c0 |
+++ /dev/null
|
|
|
38a2c0 |
@@ -1,5 +0,0 @@
|
|
|
38a2c0 |
-#!/bin/bash
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-yum -y remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-systemctl set-default multi-user.target
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target_under_lib.pass.sh
|
|
|
38a2c0 |
deleted file mode 100644
|
|
|
38a2c0 |
index 4eeb6971486..00000000000
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target_under_lib.pass.sh
|
|
|
38a2c0 |
+++ /dev/null
|
|
|
38a2c0 |
@@ -1,5 +0,0 @@
|
|
|
38a2c0 |
-#!/bin/bash
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-yum -y remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed.fail.sh
|
|
|
38a2c0 |
new file mode 100644
|
|
|
38a2c0 |
index 00000000000..b3908cff002
|
|
|
38a2c0 |
--- /dev/null
|
|
|
38a2c0 |
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed.fail.sh
|
|
|
38a2c0 |
@@ -0,0 +1,8 @@
|
|
|
38a2c0 |
+#!/bin/bash
|
|
|
38a2c0 |
+
|
|
|
38a2c0 |
+{{{ bash_package_install("xorg-x11-server-Xorg") }}}
|
|
|
38a2c0 |
+{{{ bash_package_install("xorg-x11-server-utils") }}}
|
|
|
38a2c0 |
+{{{ bash_package_install("xorg-x11-server-common") }}}
|
|
|
38a2c0 |
+{{% if product not in ["rhel7", "ol7"] %}}
|
|
|
38a2c0 |
+{{{ bash_package_install("xorg-x11-server-Xwayland") }}}
|
|
|
38a2c0 |
+{{% endif %}}
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed_removed.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed_removed.pass.sh
|
|
|
38a2c0 |
new file mode 100644
|
|
|
38a2c0 |
index 00000000000..abafdbd624a
|
|
|
38a2c0 |
--- /dev/null
|
|
|
38a2c0 |
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed_removed.pass.sh
|
|
|
38a2c0 |
@@ -0,0 +1,16 @@
|
|
|
38a2c0 |
+#!/bin/bash
|
|
|
38a2c0 |
+# based on shared/templates/package_removed/tests/package-installed-removed.pass.sh
|
|
|
38a2c0 |
+
|
|
|
38a2c0 |
+{{{ bash_package_install("xorg-x11-server-Xorg") }}}
|
|
|
38a2c0 |
+{{{ bash_package_install("xorg-x11-server-utils") }}}
|
|
|
38a2c0 |
+{{{ bash_package_install("xorg-x11-server-common") }}}
|
|
|
38a2c0 |
+{{% if product not in ["rhel7", "ol7"] %}}
|
|
|
38a2c0 |
+{{{ bash_package_install("xorg-x11-server-Xwayland") }}}
|
|
|
38a2c0 |
+{{% endif %}}
|
|
|
38a2c0 |
+
|
|
|
38a2c0 |
+{{{ bash_package_remove("xorg-x11-server-Xorg") }}}
|
|
|
38a2c0 |
+{{{ bash_package_remove("xorg-x11-server-utils") }}}
|
|
|
38a2c0 |
+{{{ bash_package_remove("xorg-x11-server-common") }}}
|
|
|
38a2c0 |
+{{% if product not in ["rhel7", "ol7"] %}}
|
|
|
38a2c0 |
+{{{ bash_package_remove("xorg-x11-server-Xwayland") }}}
|
|
|
38a2c0 |
+{{% endif %}}
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_removed.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_removed.pass.sh
|
|
|
38a2c0 |
new file mode 100644
|
|
|
38a2c0 |
index 00000000000..a403e108082
|
|
|
38a2c0 |
--- /dev/null
|
|
|
38a2c0 |
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_removed.pass.sh
|
|
|
38a2c0 |
@@ -0,0 +1,8 @@
|
|
|
38a2c0 |
+#!/bin/bash
|
|
|
38a2c0 |
+
|
|
|
38a2c0 |
+{{{ bash_package_remove("xorg-x11-server-Xorg") }}}
|
|
|
38a2c0 |
+{{{ bash_package_remove("xorg-x11-server-utils") }}}
|
|
|
38a2c0 |
+{{{ bash_package_remove("xorg-x11-server-common") }}}
|
|
|
38a2c0 |
+{{% if product not in ["rhel7", "ol7"] %}}
|
|
|
38a2c0 |
+{{{ bash_package_remove("xorg-x11-server-Xwayland") }}}
|
|
|
38a2c0 |
+{{% endif %}}
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_correct_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_correct_target.fail.sh
|
|
|
38a2c0 |
deleted file mode 100644
|
|
|
38a2c0 |
index ff7d0efda29..00000000000
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_correct_target.fail.sh
|
|
|
38a2c0 |
+++ /dev/null
|
|
|
38a2c0 |
@@ -1,4 +0,0 @@
|
|
|
38a2c0 |
-#!/bin/bash
|
|
|
38a2c0 |
-# platform = Red Hat Enterprise Linux 7
|
|
|
38a2c0 |
-# packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_wrong_target.fail.sh
|
|
|
38a2c0 |
deleted file mode 100644
|
|
|
38a2c0 |
index d8ecd8c7361..00000000000
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_wrong_target.fail.sh
|
|
|
38a2c0 |
+++ /dev/null
|
|
|
38a2c0 |
@@ -1,5 +0,0 @@
|
|
|
38a2c0 |
-#!/bin/bash
|
|
|
38a2c0 |
-# platform = Red Hat Enterprise Linux 7
|
|
|
38a2c0 |
-# packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-systemctl set-default graphical.target
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh
|
|
|
38a2c0 |
deleted file mode 100644
|
|
|
38a2c0 |
index 14f1a97bc4f..00000000000
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh
|
|
|
38a2c0 |
+++ /dev/null
|
|
|
38a2c0 |
@@ -1,4 +0,0 @@
|
|
|
38a2c0 |
-#!/bin/bash
|
|
|
38a2c0 |
-# platform = Red Hat Enterprise Linux 8
|
|
|
38a2c0 |
-# packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils,xorg-x11-server-Xwayland
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh
|
|
|
38a2c0 |
deleted file mode 100644
|
|
|
38a2c0 |
index c678ef711d9..00000000000
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh
|
|
|
38a2c0 |
+++ /dev/null
|
|
|
38a2c0 |
@@ -1,5 +0,0 @@
|
|
|
38a2c0 |
-#!/bin/bash
|
|
|
38a2c0 |
-# platform = Red Hat Enterprise Linux 8
|
|
|
38a2c0 |
-# packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils,xorg-x11-server-Xwayland
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-systemctl set-default graphical.target
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target.fail.sh
|
|
|
38a2c0 |
deleted file mode 100644
|
|
|
38a2c0 |
index bf8a615b1dc..00000000000
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target.fail.sh
|
|
|
38a2c0 |
+++ /dev/null
|
|
|
38a2c0 |
@@ -1,5 +0,0 @@
|
|
|
38a2c0 |
-#!/bin/bash
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-yum -y remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-systemctl set-default graphical.target
|
|
|
38a2c0 |
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target_under_lib.fail.sh
|
|
|
38a2c0 |
deleted file mode 100644
|
|
|
38a2c0 |
index 652088b85ae..00000000000
|
|
|
38a2c0 |
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target_under_lib.fail.sh
|
|
|
38a2c0 |
+++ /dev/null
|
|
|
38a2c0 |
@@ -1,5 +0,0 @@
|
|
|
38a2c0 |
-#!/bin/bash
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-yum -y remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland
|
|
|
38a2c0 |
-
|
|
|
38a2c0 |
-ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
|