Disable Red Hat Network Service (rhnsd)
An XCCDF Rule
Description
The Red Hat Network service automatically queries Red Hat Network
servers to determine whether there are any actions that should be executed,
such as package updates. This only occurs if the system was registered to an
RHN server or satellite and managed as such.
The rhnsd service can be disabled with the following command:
$ sudo systemctl mask --now rhnsd.service
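To confirm the result of the command above, the following added example (not part of the SSG content or its OVAL check) classifies the strings printed by systemctl is-enabled and systemctl is-active for rhnsd.service. The function names, the PASS/WARN/FAIL wording, the return codes and the --live switch are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify the state of rhnsd.service for this rule.
# Function names, verdict strings and return codes are illustrative.

# rhnsd_verdict ENABLED_STATE ACTIVE_STATE
#   ENABLED_STATE: output of `systemctl is-enabled rhnsd.service`
#   ACTIVE_STATE:  output of `systemctl is-active rhnsd.service`
# Returns 0 (pass), 1 (fail) or 2 (disabled but not masked).
rhnsd_verdict() {
    enabled=$1
    active=$2
    # A running daemon fails no matter how boot-time start is configured.
    case $active in
        active|activating|reloading|deactivating)
            echo "FAIL: rhnsd is running ($active)"; return 1 ;;
    esac
    case $enabled in
        masked|masked-runtime)
            echo "PASS: unit is masked and not running" ;;
        disabled)
            # stop + disable still allows a manual or dependency start.
            echo "WARN: unit is disabled but not masked"; return 2 ;;
        not-found|"")
            # Older systemd prints nothing on stdout for a missing unit.
            echo "PASS: unit is not installed" ;;
        *)
            echo "FAIL: unit can start at boot ($enabled)"; return 1 ;;
    esac
}

# check_rhnsd: query the live system; returns 3 where systemctl is absent.
check_rhnsd() {
    command -v systemctl >/dev/null 2>&1 || { echo "SKIP: no systemctl"; return 3; }
    e=$(systemctl is-enabled rhnsd.service 2>/dev/null)
    a=$(systemctl is-active rhnsd.service 2>/dev/null)
    rhnsd_verdict "$e" "$a"
}

# Only touch the running system when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_rhnsd
fi
```

A host that is intentionally managed by RHN or RHN Satellite Server will report FAIL here; per the rationale of this rule, that is an accepted exception rather than a finding.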
Rationale
Although systems management and patching are extremely important to
system security, management by a system outside the enterprise enclave is not
desirable for some environments. However, if the system is being managed by RHN or
RHN Satellite Server, the rhnsd daemon can remain on.
- ID: xccdf_org.ssgproject.content_rule_service_rhnsd_disabled
- Severity: Low
Remediation - OS Build Blueprint
[customizations.services]
disabled = ["rhnsd"]
Remediation - Puppet
include disable_rhnsd

class disable_rhnsd {
  # Stop rhnsd now and keep it from starting at boot
  service {'rhnsd':
    enable => false,
    ensure => 'stopped',
  }
}
Remediation - Shell Script
# Remediation is applicable only in certain platforms
# (skipped inside Docker and Podman containers)
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
    SYSTEMCTL_EXEC='/usr/bin/systemctl'
    "$SYSTEMCTL_EXEC" stop 'rhnsd.service'
    "$SYSTEMCTL_EXEC" disable 'rhnsd.service'
fi
Remediation - Kubernetes Patch
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0
Remediation - Ansible
- name: Block Disable service rhnsd
  block:
  - name: Disable service rhnsd
    block: