commit 8fe724cfa0f4cea726ddd7adb44cfbba0931b865

Author: Watson Sato <wsato@redhat.com>

Date:   Mon Feb 28 10:38:13 2022 +0100

    Manual edited patch scap-security-guide-0.1.61-update_RHEL_08_040320-PR_8170.patch.

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml

index 5b3afb3..67d6836 100644

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml

+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml

@@ -14,12 +14,3 @@

       - xorg-x11-server-Xwayland

 {{% endif %}}

     state: absent

-

-

-- name: Switch to multi-user runlevel

-  file:

-    src: /usr/lib/systemd/system/multi-user.target

-    dest: /etc/systemd/system/default.target

-    state: link

-    force: yes

-

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh

index dbabe57..496dc74 100644

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh

+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/bash/shared.sh

@@ -12,6 +12,3 @@

 {{% if product not in ["rhel7", "ol7"] %}}

 {{{ bash_package_remove("xorg-x11-server-Xwayland") }}}

 {{% endif %}}

-

-# configure run level

-systemctl set-default multi-user.target

\ No newline at end of file

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/oval/shared.xml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/oval/shared.xml

index 0710efe..0868ec6 100644

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/oval/shared.xml

+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/oval/shared.xml

@@ -2,10 +2,6 @@

   <definition class="compliance" id="xwindows_remove_packages" version="1">

     {{{ oval_metadata("Ensure that the default runlevel target is set to multi-user.target.") }}}

     <criteria>

-      {{%- if init_system == "systemd" and target_oval_version != [5, 10] %}}

-      

-        definition_ref="xwindows_runlevel_target" />

-      {{%- endif %}}

         test_ref="package_xorg-x11-server-Xorg_removed" />

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml

index 935766d..00ef7d8 100644

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml

+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml

@@ -66,5 +66,7 @@ warnings:

         The installation and use of a Graphical User Interface (GUI) increases your attack vector and decreases your

         overall security posture. Removing the package xorg-x11-server-common package will remove the graphical target

         which might bring your system to an inconsistent state requiring additional configuration to access the system

-        again. If a GUI is an operational requirement, a tailored profile that removes this rule should used before

+        again.

+        The rule <tt>xwindows_runlevel_target</tt> can be used to configure the system to boot into the multi-user.target.

+        If a GUI is an operational requirement, a tailored profile that removes this rule should used before

         continuing installation.

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target.pass.sh

deleted file mode 100644

index 9bf62a4..0000000

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target.pass.sh

+++ /dev/null

@@ -1,5 +0,0 @@

-#!/bin/bash

-

-yum -y remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland

-

-systemctl set-default multi-user.target

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target_under_lib.pass.sh

deleted file mode 100644

index 4eeb697..0000000

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/correct_target_under_lib.pass.sh

+++ /dev/null

@@ -1,5 +0,0 @@

-#!/bin/bash

-

-yum -y remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland

-

-ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed.fail.sh

new file mode 100644

index 0000000..b3908cf

--- /dev/null

+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed.fail.sh

@@ -0,0 +1,8 @@

+#!/bin/bash

+

+{{{ bash_package_install("xorg-x11-server-Xorg") }}}

+{{{ bash_package_install("xorg-x11-server-utils") }}}

+{{{ bash_package_install("xorg-x11-server-common") }}}

+{{% if product not in ["rhel7", "ol7"] %}}

+{{{ bash_package_install("xorg-x11-server-Xwayland") }}}

+{{% endif %}}

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed_removed.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed_removed.pass.sh

new file mode 100644

index 0000000..abafdbd

--- /dev/null

+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_installed_removed.pass.sh

@@ -0,0 +1,16 @@

+#!/bin/bash

+# based on shared/templates/package_removed/tests/package-installed-removed.pass.sh

+

+{{{ bash_package_install("xorg-x11-server-Xorg") }}}

+{{{ bash_package_install("xorg-x11-server-utils") }}}

+{{{ bash_package_install("xorg-x11-server-common") }}}

+{{% if product not in ["rhel7", "ol7"] %}}

+{{{ bash_package_install("xorg-x11-server-Xwayland") }}}

+{{% endif %}}

+

+{{{ bash_package_remove("xorg-x11-server-Xorg") }}}

+{{{ bash_package_remove("xorg-x11-server-utils") }}}

+{{{ bash_package_remove("xorg-x11-server-common") }}}

+{{% if product not in ["rhel7", "ol7"] %}}

+{{{ bash_package_remove("xorg-x11-server-Xwayland") }}}

+{{% endif %}}

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_removed.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_removed.pass.sh

new file mode 100644

index 0000000..a403e10

--- /dev/null

+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/packages_removed.pass.sh

@@ -0,0 +1,8 @@

+#!/bin/bash

+

+{{{ bash_package_remove("xorg-x11-server-Xorg") }}}

+{{{ bash_package_remove("xorg-x11-server-utils") }}}

+{{{ bash_package_remove("xorg-x11-server-common") }}}

+{{% if product not in ["rhel7", "ol7"] %}}

+{{{ bash_package_remove("xorg-x11-server-Xwayland") }}}

+{{% endif %}}

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_correct_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_correct_target.fail.sh

deleted file mode 100644

index ff7d0ef..0000000

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_correct_target.fail.sh

+++ /dev/null

@@ -1,4 +0,0 @@

-#!/bin/bash

-# platform = Red Hat Enterprise Linux 7

-# packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils

-

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_wrong_target.fail.sh

deleted file mode 100644

index d8ecd8c..0000000

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel7_packages_installed_wrong_target.fail.sh

+++ /dev/null

@@ -1,5 +0,0 @@

-#!/bin/bash

-# platform = Red Hat Enterprise Linux 7

-# packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils

-

-systemctl set-default graphical.target

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh

deleted file mode 100644

index 14f1a97..0000000

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh

+++ /dev/null

@@ -1,4 +0,0 @@

-#!/bin/bash

-# platform = Red Hat Enterprise Linux 8

-# packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils,xorg-x11-server-Xwayland

-

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh

deleted file mode 100644

index c678ef7..0000000

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh

+++ /dev/null

@@ -1,5 +0,0 @@

-#!/bin/bash

-# platform = Red Hat Enterprise Linux 8

-# packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils,xorg-x11-server-Xwayland

-

-systemctl set-default graphical.target

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target.fail.sh

deleted file mode 100644

index bf8a615..0000000

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target.fail.sh

+++ /dev/null

@@ -1,5 +0,0 @@

-#!/bin/bash

-

-yum -y remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland

-

-systemctl set-default graphical.target

diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target_under_lib.fail.sh

deleted file mode 100644

index 652088b..0000000

--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/wrong_target_under_lib.fail.sh

+++ /dev/null

@@ -1,5 +0,0 @@

-#!/bin/bash

-

-yum -y remove xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils xorg-x11-server-Xwayland

-

-ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target