Skip to content

Disable Red Hat Network Service (rhnsd)

An XCCDF Rule

Description

The Red Hat Network service automatically queries Red Hat Network servers to determine whether there are any actions that should be executed, such as package updates. This only occurs if the system was registered to an RHN server or satellite and managed as such. The rhnsd service can be disabled with the following command:

$ sudo systemctl mask --now rhnsd.service

Rationale

Although systems management and patching is extremely important to system security, management by a system outside the enterprise enclave is not desirable for some environments. However, if the system is being managed by RHN or RHN Satellite Server the rhnsd daemon can remain on.

ID
xccdf_org.ssgproject.content_rule_service_rhnsd_disabled
Severity
Low
References
Updated



Remediation - OS Build Blueprint


[customizations.services]
disabled = ["rhnsd"]

Remediation - Puppet

include disable_rhnsd

class disable_rhnsd {
  service {'rhnsd':
    enable => false,
    ensure => 'stopped',

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" stop 'rhnsd.service'
"$SYSTEMCTL_EXEC" disable 'rhnsd.service'

Remediation - Kubernetes Patch

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
  config:
    ignition:
      version: 3.1.0

Remediation - Ansible

- name: Block Disable service rhnsd
  block:

  - name: Disable service rhnsd
    block: