From 6429aa7d29a6c93a6c6826d6fa99cee162ed1c22 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Mon, 20 Apr 2020 12:50:27 +0200 Subject: [PATCH 01/10] Add warning to package_xorg-x11-server-common_removed. When this package is removed from a GUI environment system, it may end up with a black screen after restarting it. --- .../package_xorg-x11-server-common_removed/rule.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml index 4ce51a8141..04ee90b4d5 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml @@ -9,8 +9,8 @@ description: |- installed. If X Windows is not installed then the system cannot boot into graphical user mode. This prevents the system from being accidentally or maliciously booted into a graphical.target mode. To do so, run the following command: - 
$ sudo yum groupremove "X Window System"
- 
$ sudo yum remove xorg-x11-server-common
+ 
$ sudo {{{ pkg_manager }}} groupremove "X Window System"
+ 
$ sudo {{{ pkg_manager }}} remove xorg-x11-server-common
rationale: |- Unnecessary service packages must not be installed to decrease the attack surface of the system. X windows has a long history of security @@ -47,6 +47,14 @@ ocil: |- The output should be: 
package xorg-x11-server-common is not installed
+warnings: + - functionality: |- + The installation and use of a Graphical User Interface (GUI) increases your attack vector and decreases your + overall security posture. Removing the package xorg-x11-server-common package can + potentially remove the graphical target which might bring your system to an inconsistent state requiring + additional configuration to access the system again. If a GUI is an operational requirement, a tailored profile + that removes this rule should used before continuing installation. + template: name: package_removed vars: From 9f767c7c60e1a5b35e30cbe7f9d81288dd26ac9e Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Mon, 20 Apr 2020 12:51:48 +0200 Subject: [PATCH 02/10] SSGTS: Encode string to UTF-8 before writing into file. --- tests/ssg_test_suite/oscap.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssg_test_suite/oscap.py b/tests/ssg_test_suite/oscap.py index 301c326835..2858963373 100644 --- a/tests/ssg_test_suite/oscap.py +++ b/tests/ssg_test_suite/oscap.py @@ -170,7 +170,7 @@ def run_stage_remediation_ansible(run_type, formatting, verbose_path): # Appends output of ansible-playbook to the verbose_path file. with open(verbose_path, 'a') as f: f.write('Stdout of "{}":'.format(command_string)) - f.write(output) + f.write(output.encode("utf-8")) if returncode != 0: msg = ( 'Ansible playbook remediation run has ' @@ -199,7 +199,7 @@ def run_stage_remediation_bash(run_type, formatting, verbose_path): # Appends output of script execution to the verbose_path file. with open(verbose_path, 'a') as f: f.write('Stdout of "{}":'.format(command_string)) - f.write(output) + f.write(output.encode("utf-8")) if returncode != 0: msg = ( 'Bash script remediation run has exited with return code {} ' From 2cb9a0eac96e2dd44c2ca8e50c8460e9f220f977 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Mon, 20 Apr 2020 12:52:36 +0200 Subject: [PATCH 03/10] Add check and remediation for xwindows_runlevel_target. Select this rule in profiles (RHEL6 profiles are not included) that select package_xorg-x11-server-common_removed since this rule removes a package that is dependent when using a system with GUI and the target needs to be changed from graphical.target to multi-user.target otherwise the system ends with having a black screen after restarting it. --- .../ansible/shared.yml | 12 +++++ .../xwindows_runlevel_target/bash/shared.sh | 7 +++ .../xwindows_runlevel_target/oval/shared.xml | 49 +++++++++++++++++++ .../xwindows_runlevel_target/rule.yml | 3 +- .../tests/correct_target.pass.sh | 5 ++ .../tests/wrong_target.fail.sh | 5 ++ rhel7/profiles/cis.profile | 1 + 10 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml create mode 100644 linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh create mode 100644 linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml create mode 100644 linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh create mode 100644 linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml new file mode 100644 index 0000000000..49cdaeb7aa --- /dev/null +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml @@ -0,0 +1,12 @@ +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# reboot = true +# strategy = restrict +# complexity = low +# disruption = low + +- name: get default target + command: systemctl get-default + register: default_target +- name: Switch to multi-user runlevel + command: systemctl set-default multi-user.target + when: default_target.stdout != "multi-user.target" diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh new file mode 100644 index 0000000000..289a38483c --- /dev/null +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/bash/shared.sh @@ -0,0 +1,7 @@ +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# reboot = true +# strategy = restrict +# complexity = low +# disruption = low + +systemctl set-default multi-user.target diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml new file mode 100644 index 0000000000..94c372ffec --- /dev/null +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml @@ -0,0 +1,49 @@ +{{%- if init_system == "systemd" and target_oval_version == [5, 10] -%}} +{{# this is the only scenario this definition cannot handle, there is no good alternative for symlink_test for OVAL 5.10 #}} +{{%- else -%}} + + + + Disable X Windows Startup By Setting Default SystemD Target + {{{- oval_affected(products) }}} + {{%- if init_system == "systemd" %}} + Checks /etc/systemd/system/default.target to ensure that the default runlevel target is set to multi-user.target. + {{%- else %}} + Checks /etc/inittab to ensure that default runlevel is set to 3. + {{%- endif %}} + + {{%- if init_system == "systemd" %}} + + + + {{%- else %}} + + + + {{%- endif %}} + + {{%- if init_system == "systemd" %}} + + + + + + /etc/systemd/system/default.target + + + /etc/systemd/system/default.target + ^/usr/lib/systemd/system/multi-user.target$ + + {{%- else %}} + + + + + /etc/inittab + ^[\s]*id:3:initdefault:[\s]*$ + 1 + + {{%- endif %}} + +{{%- endif -%}} + diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml index ed5882941c..cd04fcde8f 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,sle12,rhv4 title: 'Disable X Windows Startup By Setting Default Target' @@ -24,6 +24,7 @@ severity: medium identifiers: cce@rhel7: 27285-6 + cce@rhel8: 83380-6 references: disa: "366" diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh new file mode 100644 index 0000000000..33835c8f50 --- /dev/null +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh @@ -0,0 +1,5 @@ +#!/bin/bash +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 + +rm -f /etc/systemd/system/default.target +ln -s /usr/lib/systemd/system/multi-user.target /etc/systemd/system/default.target diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh new file mode 100644 index 0000000000..9313dbb5a2 --- /dev/null +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh @@ -0,0 +1,5 @@ +#!/bin/bash +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 + +rm -f /etc/systemd/system/default.target +ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target diff --git a/rhel7/profiles/cis.profile b/rhel7/profiles/cis.profile index 886e9a963a..0826a49547 100644 --- a/rhel7/profiles/cis.profile +++ b/rhel7/profiles/cis.profile @@ -226,6 +226,7 @@ selections: ### 2.2.2 Ensure X Window System is not installed (Scored) - package_xorg-x11-server-common_removed + - xwindows_runlevel_target ### 2.2.3 Ensure Avahi Server is not enabled (Scored) - service_avahi-daemon_disabled From 3e1381a89b54591b7ca6a6b54cf56c6594cb87c0 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Mon, 20 Apr 2020 17:46:08 +0200 Subject: [PATCH 04/10] Simplify xwindows_runlevel_target artifacts. --- .../rule.yml | 2 ++ .../ansible/shared.yml | 1 + .../xwindows_runlevel_target/oval/shared.xml | 23 +------------------ .../tests/correct_target.pass.sh | 3 +-- .../tests/wrong_target.fail.sh | 3 +-- 5 files changed, 6 insertions(+), 26 deletions(-) diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml index 04ee90b4d5..934205472b 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml @@ -9,7 +9,9 @@ description: |- installed. If X Windows is not installed then the system cannot boot into graphical user mode. This prevents the system from being accidentally or maliciously booted into a graphical.target mode. To do so, run the following command: + {{%- if product != "rhel8" and product != "rhv4" -%}} 
$ sudo {{{ pkg_manager }}} groupremove "X Window System"
+ {{%- endif %}} 
$ sudo {{{ pkg_manager }}} remove xorg-x11-server-common
rationale: |- diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml index 49cdaeb7aa..2677c96ac7 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml @@ -7,6 +7,7 @@ - name: get default target command: systemctl get-default register: default_target + - name: Switch to multi-user runlevel command: systemctl set-default multi-user.target when: default_target.stdout != "multi-user.target" diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml index 94c372ffec..16e15df8e1 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml @@ -6,23 +6,12 @@ Disable X Windows Startup By Setting Default SystemD Target {{{- oval_affected(products) }}} - {{%- if init_system == "systemd" %}} - Checks /etc/systemd/system/default.target to ensure that the default runlevel target is set to multi-user.target. - {{%- else %}} - Checks /etc/inittab to ensure that default runlevel is set to 3. - {{%- endif %}} + Ensure that the default runlevel target is set to multi-user.target. - {{%- if init_system == "systemd" %}} - {{%- else %}} - - - - {{%- endif %}} - {{%- if init_system == "systemd" %}} @@ -34,16 +23,6 @@ /etc/systemd/system/default.target ^/usr/lib/systemd/system/multi-user.target$ - {{%- else %}} - - - - - /etc/inittab - ^[\s]*id:3:initdefault:[\s]*$ - 1 - - {{%- endif %}} {{%- endif -%}} diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh index 33835c8f50..f7837a25b7 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh @@ -1,5 +1,4 @@ #!/bin/bash # platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 -rm -f /etc/systemd/system/default.target -ln -s /usr/lib/systemd/system/multi-user.target /etc/systemd/system/default.target +systemctl set-default multi-user.target diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh index 9313dbb5a2..5a20e8ce3a 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh @@ -1,5 +1,4 @@ #!/bin/bash # platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 -rm -f /etc/systemd/system/default.target -ln -s /usr/lib/systemd/system/graphical.target /etc/systemd/system/default.target +systemctl set-default graphical.target From bf0a5b6760b58ae5a7927781af3f24443b732554 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Mon, 20 Apr 2020 23:23:00 +0200 Subject: [PATCH 05/10] Update list of available CCE. --- shared/references/cce-redhat-avail.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt index c10448ff8d..4debf015dd 100644 --- a/shared/references/cce-redhat-avail.txt +++ b/shared/references/cce-redhat-avail.txt @@ -71,7 +71,6 @@ CCE-83376-4 CCE-83377-2 CCE-83378-0 CCE-83379-8 -CCE-83380-6 CCE-83381-4 CCE-83382-2 CCE-83383-0 From e4ab5d8502aba4e4f55aa1d6394fe47f893e68ff Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Thu, 23 Apr 2020 16:01:06 +0200 Subject: [PATCH 06/10] Update ansible remediation for xwindows_runlevel_target to use file module. --- .../xwindows_runlevel_target/ansible/shared.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml index 2677c96ac7..72a3c5415a 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml @@ -4,10 +4,9 @@ # complexity = low # disruption = low -- name: get default target - command: systemctl get-default - register: default_target - - name: Switch to multi-user runlevel - command: systemctl set-default multi-user.target - when: default_target.stdout != "multi-user.target" + file: + src: /usr/lib/systemd/system/multi-user.target + dest: /etc/systemd/system/default.target + state: link + force: yes From d19185cd39abcb413351894384a8c603ee768470 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Thu, 23 Apr 2020 16:01:52 +0200 Subject: [PATCH 07/10] Update rule package_xorg-x11-server-common_removed metadata. For RHEL8 based products the group id that represents base Xorg packages is called "base-x". --- .../package_xorg-x11-server-common_removed/rule.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml index 934205472b..099ef2bc7b 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml @@ -9,7 +9,9 @@ description: |- installed. If X Windows is not installed then the system cannot boot into graphical user mode. This prevents the system from being accidentally or maliciously booted into a graphical.target mode. To do so, run the following command: - {{%- if product != "rhel8" and product != "rhv4" -%}} + {{%- if product == "rhel8" or product == "rhv4" -%}} + 
$ sudo {{{ pkg_manager }}} groupremove base-x
+ {{%- else %}} 
$ sudo {{{ pkg_manager }}} groupremove "X Window System"
{{%- endif %}} 
$ sudo {{{ pkg_manager }}} remove xorg-x11-server-common
@@ -52,10 +54,10 @@ ocil: |- warnings: - functionality: |- The installation and use of a Graphical User Interface (GUI) increases your attack vector and decreases your - overall security posture. Removing the package xorg-x11-server-common package can - potentially remove the graphical target which might bring your system to an inconsistent state requiring - additional configuration to access the system again. If a GUI is an operational requirement, a tailored profile - that removes this rule should used before continuing installation. + overall security posture. Removing the package xorg-x11-server-common package will remove the graphical target + which might bring your system to an inconsistent state requiring additional configuration to access the system + again. If a GUI is an operational requirement, a tailored profile that removes this rule should used before + continuing installation. template: name: package_removed From 568ea36774cd41778c5ffcb004c11b538697f39b Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Thu, 23 Apr 2020 17:13:58 +0200 Subject: [PATCH 08/10] OVAL Check for xwindows_runlevel_target consider files from both /usr and /lib directory prefix. --- .../xwindows_runlevel_target/oval/shared.xml | 2 +- .../tests/correct_target_under_lib.pass.sh | 4 ++++ .../tests/wrong_target_under_lib.fail.sh | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh create mode 100644 linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml index 16e15df8e1..97f51c3140 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/oval/shared.xml @@ -21,7 +21,7 @@ /etc/systemd/system/default.target - ^/usr/lib/systemd/system/multi-user.target$ + ^(/usr)?/lib/systemd/system/multi-user.target$ {{%- endif -%}} diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh new file mode 100644 index 0000000000..f7837a25b7 --- /dev/null +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 + +systemctl set-default multi-user.target diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh new file mode 100644 index 0000000000..408409b9b1 --- /dev/null +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 + +ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target From e39030c464385251d0688ccb609ad10718b22359 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Thu, 23 Apr 2020 17:14:51 +0200 Subject: [PATCH 09/10] Update command output from instructions on how to manually set multi-user.target. --- .../disabling_xwindows/xwindows_runlevel_target/rule.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml index cd04fcde8f..79457b2b4f 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml @@ -11,8 +11,8 @@ description: |- multi-user.target will prevent automatic startup of the X server. To do so, run: 
$ systemctl set-default multi-user.target
You should see the following output: - 
rm '/etc/systemd/system/default.target'
-    ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default.target'
+ 
Removed symlink /etc/systemd/system/default.target.
+    Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target.
rationale: |- Services that are not required for system and application processes From 2965265fcaf9b14b53866e33d18eeb89f50902c1 Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Thu, 23 Apr 2020 17:32:21 +0200 Subject: [PATCH 10/10] Fix location of symlink created by test scenario for xwindows_runlevel_target. --- .../tests/correct_target_under_lib.pass.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh index f7837a25b7..dc698edc50 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh @@ -1,4 +1,4 @@ #!/bin/bash # platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 -systemctl set-default multi-user.target +ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target