systemd_service mask does not disable service before masking

gonoph / ansible-mitigation

Ansible Playbooks to mitigate certain CVEs

GNU General Public License v3.0

0 stars 0 forks source link

systemd_service mask does not disable service before masking #1

Closed gonoph closed 3 hours ago

gonoph commented 3 hours ago

systemd_service does not disable the service before masking, so if you manually unmask the service, it will be enabled if it was previously enabled.

Therefore mitigation attempts to mask and disable the cups-browsed.service, but if manually unmasked, then the service will be enabled if it was previously, and then started automatically on reboot.

gonoph commented 3 hours ago

this applies to mitigate.cve-2024-47176.yml