{"description": "The Red Hat Network service automatically queries Red Hat Network\nservers to determine whether there are any actions that should be executed,\nsuch as package updates. This only occurs if the system was registered to an\nRHN server or satellite and managed as such.\n\nThe <code>rhnsd</code> service can be disabled with the following command:\n<pre>$ sudo systemctl mask --now rhnsd.service</pre>", "rationale": "Although systems management and patching is extremely important to\nsystem security, management by a system outside the enterprise enclave is not\ndesirable for some environments.  However, if the system is being managed by RHN or\n RHN Satellite Server the <tt>rhnsd</tt> daemon can remain on.", "severity": "low", "references": {"cis-csc": ["11", "12", "14", "15", "3", "8", "9"], "cobit5": ["APO13.01", "BAI10.01", "BAI10.02", "BAI10.03", "BAI10.05", "DSS01.04", "DSS05.02", "DSS05.03", "DSS05.05", "DSS06.06"], "isa-62443-2009": ["4.3.3.5.1", "4.3.3.5.2", "4.3.3.5.3", "4.3.3.5.4", "4.3.3.5.5", "4.3.3.5.6", "4.3.3.5.7", "4.3.3.5.8", "4.3.3.6.1", "4.3.3.6.2", "4.3.3.6.3", "4.3.3.6.4", "4.3.3.6.5", "4.3.3.6.6", "4.3.3.6.7", "4.3.3.6.8", "4.3.3.6.9", "4.3.3.7.1", "4.3.3.7.2", "4.3.3.7.3", "4.3.3.7.4", "4.3.4.3.2", "4.3.4.3.3"], "isa-62443-2013": ["SR 1.1", "SR 1.10", "SR 1.11", "SR 1.12", "SR 1.13", "SR 1.2", "SR 1.3", "SR 1.4", "SR 1.5", "SR 1.6", "SR 1.7", "SR 1.8", "SR 1.9", "SR 2.1", "SR 2.2", "SR 2.3", "SR 2.4", "SR 2.5", "SR 2.6", "SR 2.7", "SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.11.2.6", "A.12.1.2", "A.12.5.1", "A.12.6.2", "A.13.1.1", "A.13.2.1", "A.14.1.3", "A.14.2.2", "A.14.2.3", "A.14.2.4", "A.6.2.1", "A.6.2.2", "A.9.1.2"], "nist": ["CM-7(a)", "CM-7(b)", "CM-6(a)"], "nist-csf": ["PR.AC-3", "PR.IP-1", "PR.PT-3", "PR.PT-4"]}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "the \"rhnsd\" is loaded and not masked", "ocil": "To check that the <code>rhnsd</code> service is disabled in system boot configuration,\nrun the following command:\n<pre>$ sudo systemctl is-enabled <code>rhnsd</code></pre>\nOutput should indicate the <code>rhnsd</code> service has either not been installed,\nor has been disabled at all runlevels, as shown in the example below:\n<pre>$ sudo systemctl is-enabled <code>rhnsd</code><br/> disabled</pre>\n\nRun the following command to verify <code>rhnsd</code> is not active (i.e. not running) through current runtime configuration:\n<pre>$ sudo systemctl is-active rhnsd</pre>\n\nIf the service is not running the command will return the following output:\n<pre>inactive</pre>\n\nThe service will also be masked, to check that the <code>rhnsd</code> is masked, run the following command:\n<pre>$ sudo systemctl show <code>rhnsd</code> | grep \"LoadState\\|UnitFileState\"</pre>\n\nIf the service is masked the command will return the following outputs:\n\n<pre>LoadState=masked</pre>\n\n<pre>UnitFileState=masked</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {"check-import": "stdout", "platform": ["multi_platform_all"], "environment": "any", "filename": "service_rhnsd_disabled.sh", "relative_path": "ubuntu2204/checks/sce/service_rhnsd_disabled.sh"}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Disable Red Hat Network Service (rhnsd)", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml", "template": {"name": "service_disabled", "vars": {"servicename": "rhnsd"}, "backends": {}}}