ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

rhel7 rht-ccp: kernel_module_tipc_disabled #67

Closed shawndwells closed 10 years ago

shawndwells commented 10 years ago

iankko commented 10 years ago

Similarly to the RDS module case, the TIPC module / kernel object is neither built in nor built as a module / kernel object on RHEL-7 (both results below, on RHEL-7 & RHEL-6, were obtained with the kernel-devel package installed):

RHEL-7 case:

# cat /usr/src/kernels/3.10.0-123.6.3.el7.x86_64/.config | grep TIPC
# CONFIG_TIPC is not set
[root@localhost ~]# modprobe tipc
modprobe: FATAL: Module tipc not found.
[root@localhost ~]# rpm -ql kernel | grep tipc | wc -l
0
[root@localhost ~]#

Not even on RHEL-6:
[root@localhost ~]# cat /usr/src/kernels/2.6.32-431.29.2.el6.i686/.config | grep TIPC
# CONFIG_TIPC is not set
[root@localhost ~]# modprobe TIPC
FATAL: Module TIPC not found.
[root@localhost ~]# rpm -ql kernel | grep tipc | wc -l
0
[root@localhost ~]#

So the requirement specified by the "Disable TIPC Support" rule doesn't apply on RHEL-7 (nor even on RHEL-6), since the module / functionality can't be made available without a custom rebuild of the kernel (IOW setting CONFIG_TIPC to either the 'y' or 'm' value). But a custom kernel rebuild would be an unsupported configuration.

So in my opinion this rule doesn't need to be ported to RHEL-7 (the particular requirement can be removed from RHEL-7's RHT-CCP profile).
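
The manual checks in the comment above (kernel `.config`, then whether the module file is shipped) can be scripted to decide whether a "disable module" rule applies to a given kernel. This is an added example, not part of the issue thread or the project's content: the function names and verdict strings are hypothetical, the sample trees are constructed, and it searches a modules directory with `find` rather than querying `rpm`.

```shell
#!/bin/bash
# Added example: decide whether a "disable kernel module" rule applies to a kernel.
# Function names and verdict strings are hypothetical.

# How the kernel .config builds an option: builtin | module | not-built
kconfig_state() {
    local config_file="$1" option="$2"
    if grep -qx "${option}=y" "$config_file"; then
        echo builtin
    elif grep -qx "${option}=m" "$config_file"; then
        echo module
    else
        echo not-built    # "# CONFIG_X is not set", or option never mentioned
    fi
}

# Is <module>.ko (optionally compressed) present under the modules tree?
module_shipped() {
    local modules_dir="$1" module="$2"
    [ -n "$(find "$modules_dir" -type f -name "${module}.ko*" 2>/dev/null | head -n 1)" ]
}

# Verdict for a rule such as kernel_module_tipc_disabled
rule_applies() {
    local config_file="$1" option="$2" modules_dir="$3" module="$4"
    case "$(kconfig_state "$config_file" "$option")" in
        builtin) echo builtin ;;              # compiled in, nothing to load
        module)
            if module_shipped "$modules_dir" "$module"; then
                echo applicable               # loadable: the rule has something to block
            else
                echo not-installed            # configured =m but file not on disk
            fi ;;
        *) echo not-applicable ;;             # the case reported in this issue
    esac
}

# Constructed sample trees (not real RHEL data) so the script runs offline.
demo() {
    local d; d="$(mktemp -d)"
    mkdir -p "$d/mods/kernel/net/tipc"
    printf '# CONFIG_TIPC is not set\n' > "$d/config-off"
    printf 'CONFIG_TIPC=m\n' > "$d/config-mod"
    : > "$d/mods/kernel/net/tipc/tipc.ko.xz"
    rule_applies "$d/config-off" CONFIG_TIPC "$d/mods" tipc
    rule_applies "$d/config-mod" CONFIG_TIPC "$d/mods" tipc
    rm -rf "$d"
}
demo
```

On a real system the arguments would be the installed kernel's config file and its modules directory.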

shawndwells commented 10 years ago

agreed - resolving