<def-group>
  <!-- THIS FILE IS GENERATED by create_services_disabled.py according to RHEL-7 template
       from RHEL/7/input/checks/templates/template_service_disabled. DO NOT EDIT.

       IF REQUIRED INSTEAD OF EDITING THIS FILE RATHER EDIT THAT TEMPLATE DIRECTLY.
       AFTER THAT BE SURE TO REGENERATE ALL CORRESPONDING UNCOMMENTED CHECKS FROM
       service_disabled.csv CSV FILE AND PLACE THOSE NEW OVAL VERSIONS into
       RHEL/7/input/checks DIRECTORY REPLACING THE FORMER ONES
  -->

  <definition class="compliance" id="service_SERVICENAME_disabled" version="1">
    <metadata>
      <title>Service SERVICENAME Disabled</title>
      <affected family="unix">
        <platform>Red Hat Enterprise Linux 7</platform>
      </affected>
      <description>The SERVICENAME service should be disabled if possible.</description>
    </metadata>
    <criteria operator="OR" comment="package PACKAGENAME removed or service SERVICENAME is not configured to start">
      <extend_definition comment="PACKAGENAME removed" definition_ref="package_PACKAGENAME_removed" />
      <criteria operator="OR" comment="service SERVICENAME is not configured to start">
        <criterion comment="SERVICENAME masked" test_ref="test_SERVICENAME_masked" />
        <criteria operator="AND" comment="service SERVICENAME is disabled on boot and not enabled at runtime">
          <criterion comment="SERVICENAME disabled on boot" test_ref="test_SERVICENAME_disabled_on_boot" />
          <criterion comment="SERVICENAME not enabled at runtime" test_ref="test_SERVICENAME_runtime_not_enabled" />
        </criteria>
      </criteria>
    </criteria>
  </definition>

  <!-- Test if SERVICENAME is masked -->
  <unix:file_test id="test_SERVICENAME_masked" check="all" check_existence="at_least_one_exists" comment="Test if SERVICENAME is masked" version="1">
    <unix:object object_ref="object_SERVICENAME_masked" />
  </unix:file_test>

  <unix:file_object id="object_SERVICENAME_masked" comment="/etc/systemd/system/SERVICENAME.service exists" version="1">
    <unix:filepath>/etc/systemd/system/SERVICENAME.service</unix:filepath>
  </unix:file_object>

  <!-- Test if SERVICENAME is disabled for all targets on boot -->
  <unix:file_test id="test_SERVICENAME_disabled_on_boot" check="all" check_existence="none_exist" comment="Test if SERVICENAME not enabled on boot" version="1">
    <unix:object object_ref="object_SERVICENAME_disabled_on_boot" />
  </unix:file_test>

  <unix:file_object id="object_SERVICENAME_disabled_on_boot" comment="No /etc/systemd/system/*.wants/SERVICENAME.service exists" version="1">
    <!-- Don't follow symbolic links below to search just through /etc/systemd/system/* content -->
    <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local" />
    <unix:path>/etc/systemd/system</unix:path>
    <unix:filename>SERVICENAME.service</unix:filename>
    <!-- Include all symbolic link entities in the /etc/systemd/system directory tree -->
    <filter action="include">state_SERVICENAME_symlink</filter>
    <!-- But exclude that one causing service to be masked -->
    <filter action="exclude">state_SERVICENAME_masked_symlink</filter>
  </unix:file_object>

  <unix:file_state id="state_SERVICENAME_symlink" version="1">
    <unix:type>symbolic link</unix:type>
  </unix:file_state>

  <unix:file_state id="state_SERVICENAME_masked_symlink" version="1">
    <unix:filepath>/etc/systemd/system/SERVICENAME.service</unix:filepath>
  </unix:file_state>

  <!-- Test if SERVICENAME is not enabled at runtime -->
  <unix:file_test id="test_SERVICENAME_runtime_not_enabled" check="all" check_existence="none_exist" comment="Test if SERVICENAME not enabled at runtime" version="1">
    <unix:object object_ref="object_SERVICENAME_runtime_not_enabled" />
  </unix:file_test>

  <unix:file_object id="object_SERVICENAME_runtime_not_enabled" comment="No /run/systemd/system/*.wants/SERVICENAME.service exists" version="1">
    <!-- Don't follow symbolic links below to search just through /run/systemd/system/* content -->
    <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local" />
    <unix:path>/run/systemd/system</unix:path>
    <unix:filename>SERVICENAME.service</unix:filename>
    <!-- Include all symbolic link entities in the /run/systemd/system directory tree -->
    <filter action="include">state_SERVICENAME_symlink</filter>
  </unix:file_object>

</def-group>
