Preupgrade Assistant migration tool
with profile Preupgrade assistant defaultThis profile is designed for the Preupgrade Assistant tool.
This is a checklist of configuration settings intended to be used as RedHat Enterprise Linux migration tool.
The checklist can be processed by varius tools which enable users to:
- define profiles with customized security policies,
- audit systems to determine compliance with targeted security policy and
- adjust system configuration.
Evaluation Characteristics
Target machine | rhel66test |
---|---|
Benchmark URL | /root/preupgrade/RHEL6_7/all-xccdf.xml |
Benchmark ID | xccdf_preupg-content_benchmark_all |
Profile ID | xccdf_preupg_profile_default |
Started at | 2017-01-05T10:07:50 |
Finished at | 2017-01-05T10:12:26 |
Performed by | root |
CPE Platforms
- cpe:/o:redhat:enterprise_linux:6
Addresses
- IPv4 Â 127.0.0.1
- IPv4 Â 10.0.21.170
- IPv6 Â 0:0:0:0:0:0:0:1
- IPv6 Â fe80:0:0:0:20c:29ff:fe0d:7641
- MAC Â 00:00:00:00:00:00
- MAC Â 00:0C:29:0D:76:41
Compliance and Scoring
Rule results
Severity of failed rules
Score
Scoring system | Score | Maximum | Percent |
---|---|---|---|
urn:xccdf:scoring:default | 54.409092 | 100.000000 | |
urn:xccdf:scoring:flat | 38.000000 | 61.000000 |
Rule Overview
Title | Severity | Result |
---|---|---|
Preupgrade Assistant migration tool | ||
Backup | ||
Configuration Files to Review | ||
Configuration Files to Review | needs_action | |
File Lists for Manual Migration | ||
File Lists for Manual Migration | needs_inspection | |
Bacula Backup Software | ||
Bacula Backup Software | notapplicable | |
Databases | ||
MySQL contents for migration | ||
MySQL configuration | ||
MySQL configuration | needs_action | |
Migration of the MySQL data stack | ||
Migration of the MySQL data stack | notapplicable | |
Changes related to moving from MySQL to MariaDB | ||
Changes related to moving from MySQL to MariaDB | notapplicable | |
PostgreSQL upgrade content | ||
PostgreSQL upgrade content | notapplicable | |
Desktop | ||
GNOME Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release | ||
GNOME Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release | notapplicable | |
KDE Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release | ||
KDE Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release | notapplicable | |
Drivers | ||
POWER6 processors are unsupported on ppc in Red Hat Enterprise Linux 7 | ||
POWER6 processors are unsupported on ppc in Red Hat Enterprise Linux 7 | pass | |
several graphic drivers not supported in Red Hat Enterprise Linux 7 | ||
several graphic drivers not supported in Red Hat Enterprise Linux 7 | notapplicable | |
several input drivers not supported in Red Hat Enterprise Linux 7 | ||
several input drivers not supported in Red Hat Enterprise Linux 7 | notapplicable | |
several kernel networking drivers not available in Red Hat Enterprise Linux 7 | ||
several kernel networking drivers not available in Red Hat Enterprise Linux 7 | pass | |
several kernel storage drivers not available in Red Hat Enterprise Linux 7 | ||
several kernel storage drivers not available in Red Hat Enterprise Linux 7 | pass | |
Networking | ||
Names, Options and Output Format Changes in arptables | ||
Names, Options and Output Format Changes in arptables | notapplicable | |
BIND9 | ||
BIND9 running in a chroot environment check. | ||
BIND9 running in a chroot environment check. | notapplicable | |
BIND9 configuration compatibility check | ||
BIND9 configuration compatibility check | notapplicable | |
Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files | ||
Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files | notapplicable | |
DNSMASQ configuration compatibility check | ||
DNSMASQ configuration compatibility check | notapplicable | |
Dovecot configuration compatibility check | ||
Dovecot configuration compatibility check | notapplicable | |
Compatibility Between iptables and ip6tables | ||
Compatibility Between iptables and ip6tables | informational | |
Net-SNMP check | ||
Net-SNMP check | notapplicable | |
Check NFSv2 | ||
Check NFSv2 | informational | |
Openldap server deamon configuration | ||
Openldap server deamon configuration | notapplicable | |
Check ssh configuration file and fix ssh keys | ||
Check ssh configuration file and fix ssh keys | fixed | |
Check openssh-keycat | ||
Check openssh-keycat | needs_inspection | |
Postfix configuration compatibility check | ||
Postfix configuration compatibility check | informational | |
Sendmail configuration compatibility check | ||
Sendmail configuration compatibility check | notapplicable | |
Squid configuration compatibility check | ||
Squid configuration compatibility check | notapplicable | |
Information about VSFTP daemon configuration | ||
Information about VSFTP daemon configuration | notapplicable | |
Others | ||
Reusable Configuration Files | ||
Reusable Configuration Files | pass | |
Check changed config files | ||
Check changed config files | needs_inspection | |
Rsyslog configuration icompatibility | ||
Rsyslog configuration icompatibility | informational | |
Searching for VCS repositories | ||
Searching for VCS repositories | informational | |
Packages | ||
Added options in packages | ||
Added and extended options for BIND9 configuration | ||
Added and extended options for BIND9 configuration | notapplicable | |
Added options in DNSMASQ configuration | ||
Added options in DNSMASQ configuration | notapplicable | |
Information about the changes of utilities | ||
Information about the changes of utilities | needs_inspection | |
Check packages from other variants | ||
Check packages from other variants | needs_action | |
Checking for load balancer support. | ||
Checking for load balancer support. | notapplicable | |
Packages not signed by Red Hat | ||
Packages not signed by Red Hat | needs_action | |
Obsoleted rpms | ||
Obsoleted rpms | needs_inspection | |
w3m not available in Red Hat Enterprise Linux 7 | ||
w3m not available in Red Hat Enterprise Linux 7 | notapplicable | |
report incompatibilities between Red Hat Enterprise Linux 6 and 7 in qemu-guest-agent package | ||
report incompatibilities between Red Hat Enterprise Linux 6 and 7 in qemu-guest-agent package | notapplicable | |
Removed options in packages | ||
Removed Options in coreutils | ||
Removed Options in coreutils | informational | |
Removed options in gawk binaries | ||
Removed options in gawk binaries | informational | |
Information about removed options in grep binaries | ||
Information about removed options in grep binaries | informational | |
Removed options in netstat binary | ||
Removed options in netstat binary | informational | |
Removed options in quota tools | ||
Removed options in quota tools | informational | |
Information about removed or deprecated options in util-linux (util-linux-ng) binaries | ||
Information about removed or deprecated options in util-linux (util-linux-ng) binaries | informational | |
Removed rpms | ||
Removed rpms | needs_action | |
taskjuggler not available in Red Hat Enterprise Linux 7 | ||
taskjuggler not available in Red Hat Enterprise Linux 7 | notapplicable | |
Replaced rpms | ||
Replaced rpms | needs_action | |
GMP library incompatibilities | ||
GMP library incompatibilities | informational | |
Packages providing 'java' changed | ||
Packages providing 'java' changed | informational | |
RHEL not-base channels required | ||
RHEL not-base channels required | needs_action | |
package downgrades | ||
package downgrades | fixed | |
SELinux issues | ||
SELinux Custom Policy | ||
SELinux Custom Policy | fixed | |
restore custom selinux configuration | ||
restore custom selinux configuration | notapplicable | |
General | ||
General | needs_action | |
samba shared directories selinux | ||
samba shared directories selinux | notapplicable | |
Services | ||
CUPS Browsing/BrowsePoll configuration | ||
CUPS Browsing/BrowsePoll configuration | fixed | |
CVS Package Split | ||
CVS Package Split | informational | |
FreeRADIUS Upgrade Verification | ||
FreeRADIUS Upgrade Verification | notapplicable | |
Checking httpd configuration compatibility | ||
Checking httpd configuration compatibility | notapplicable | |
IPA (Identity-Policy-Audit) | ||
bind-dyndb-ldap | ||
bind-dyndb-ldap | notapplicable | |
Identity Management Server compatibility check | ||
Identity Management Server compatibility check | notapplicable | |
IPA Server CA Verification | ||
IPA Server CA Verification | notapplicable | |
NTP | ||
NTP configuration | ||
NTP configuration | pass | |
Information on time-sync.target | ||
Information on time-sync.target | pass | |
OpenLDAP /etc/sysconfig and data compatibility | ||
OpenLDAP /etc/sysconfig and data compatibility | notapplicable | |
OpenSSH | ||
OpenSSH sshd_config migration content | ||
OpenSSH sshd_config migration content | pass | |
OpenSSH sysconfig migration content | ||
OpenSSH sysconfig migration content | fixed | |
Quota NLD | ||
Configuration for quota_nld service | ||
Configuration for quota_nld service | pass | |
Disk quota netlink message daemon moved into quota-nld package | ||
Disk quota netlink message daemon moved into quota-nld package | pass | |
SSSD compatibility check | ||
SSSD compatibility check | notapplicable | |
Storage | ||
Detect LUKS devices using Whirlpool for password hash. | ||
Detect LUKS devices using Whirlpool for password hash. | pass | |
Clvmd and cmirrord daemon management. | ||
Clvmd and cmirrord daemon management. | notapplicable | |
State of LVM2 services. | ||
State of LVM2 services. | fixed | |
device-mapper-multipath configuration compatibility check | ||
device-mapper-multipath configuration compatibility check | notapplicable | |
Removal of scsi-target-utils | ||
Removal of scsi-target-utils | notapplicable | |
Warnquota contents for migration | ||
Configuration for warnquota tool | ||
Configuration for warnquota tool | pass | |
Disk quota tool warnquota moved into quota-warnquota package | ||
Disk quota tool warnquota moved into quota-warnquota package | informational | |
System | ||
Check for Add-On availability | ||
Check for Add-On availability | needs_action | |
Information about the supported architecture | ||
Information about the supported architecture | pass | |
Binary rebuilds | ||
Binary rebuilds | pass | |
Debuginfo packages | ||
Debuginfo packages | pass | |
Filesystem Hierarchy Standard | ||
Read Only FHS directories | ||
Read Only FHS directories | pass | |
Check FHS for /var incompabilities. | ||
Check FHS for /var incompabilities. | informational | |
In-place Upgrade Requirements for the /usr/ Directory | ||
In-place Upgrade Requirements for the /usr/ Directory | pass | |
HA-Cluster | ||
Cluster and High Availability | ||
Cluster and High Availability | pass | |
Quorum implementation | ||
Quorum implementation | notapplicable | |
fix krb5kdc config file | ||
fix krb5kdc config file | notapplicable | |
File Systems, Partitions and Mounts Configuration Review | ||
File Systems, Partitions and Mounts Configuration Review | informational | |
Removable media in fstab | ||
Removable media in fstab | informational | |
Sonamebumped libs | ||
Sonamebumped libs | needs_inspection | |
SonameKept Reusable Dynamic Libraries | ||
SonameKept Reusable Dynamic Libraries | informational | |
Removed .so libs | ||
Removed .so libs | needs_inspection | |
CGROUP_DAEMON in sysconfig scripts | ||
CGROUP_DAEMON in sysconfig scripts | pass | |
Checking the system version and variant | ||
Checking the system version and variant | pass | |
Checking for the AIDE tool | ||
Checking for the AIDE tool | notapplicable | |
CA certificate bundles modified | ||
CA certificate bundles modified | pass | |
Developer Tool Set packages | ||
Developer Tool Set packages | pass | |
GRUB to GRUB2 migration | ||
GRUB to GRUB2 migration | needs_inspection | |
Workaround for crashing grubby. | ||
Workaround for crashing grubby. | fixed | |
Obsoleted HAL (Hardware Abstraction Layer) | ||
Obsoleted HAL (Hardware Abstraction Layer) | pass | |
Hyper-V | ||
Hyper-V | pass | |
Initscripts contents for migration | ||
Content for enabling and disabling services based on RHEL 6 system | ||
Content for enabling and disabling services based on RHEL 6 system | needs_action | |
Check for ethernet interface naming | ||
Check for ethernet interface naming | needs_inspection | |
User modification in /etc/rc.local and /etc/rc.d/rc.local | ||
User modification in /etc/rc.local and /etc/rc.d/rc.local | pass | |
Kernel-kdump package on s390x architecture | ||
Kernel-kdump package on s390x architecture | notapplicable | |
cgroups configuration compatibility check | ||
cgroups configuration compatibility check | needs_action | |
Plugable authentication modules (PAM) | ||
Plugable authentication modules (PAM) | pass | |
Foreign Perl modules | ||
Foreign Perl modules | informational | |
PHP modules | ||
PHP modules | notapplicable | |
PolicyKit (alias polkit) config files | ||
PolicyKit (alias polkit) config files | informational | |
Information about the changes in Python packages | ||
Information about the changes in Python packages | needs_inspection | |
Save repositories for kickstart | ||
Save repositories for kickstart | needs_inspection | |
Check system requirements | ||
Check system requirements | pass | |
Ruby 2.0.0 | ||
Ruby 2.0.0 | notapplicable | |
SCL collections | ||
SCL collections | pass | |
Red Hat Network Classic Unsupported | ||
Red Hat Network Classic Unsupported | notapplicable | |
Red Hat Subscription Manager | ||
Red Hat Subscription Manager | pass | |
System kickstart | ||
System kickstart | pass | |
Tuned profiles | ||
Tuned profiles | notapplicable | |
UEFI bootloader | ||
UEFI bootloader | informational | |
YABOOT bootloader | ||
YABOOT bootloader | notapplicable | |
YUM | ||
YUM | informational | |
User Management | ||
Check for usage of dangerous ranges of UID and GIDs | ||
Check for usage of dangerous ranges of UID and GIDs | pass | |
Incorrect usage of reserved UID/GIDs | ||
Incorrect usage of reserved UID/GIDs | needs_inspection | |
Check libuser.conf | ||
Check libuser.conf | pass | |
NIS ypbind config files back-up | ||
NIS ypbind config files back-up | notapplicable | |
ypserv | ||
NIS Makefile back-up | ||
NIS Makefile back-up | notapplicable | |
NIS server maps check | ||
NIS server maps check | notapplicable | |
NIS server MAXUID and MAXGID limits check | ||
NIS server MAXUID and MAXGID limits check | notapplicable | |
NIS server config file back-up | ||
NIS server config file back-up | notapplicable |
Result Details
Configuration Files to Review
Rule ID | xccdf_preupg_rule_backup_NoverifyConfigs_noverifycfg |
Result | needs_action |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | This module stores some system configuration files that can have been modified by the user when it is not possible to automatically upgrade them. |
SCE stdout
| |
Remediation description: Some packages do not track the possible performed changes to system configuration files; therefore, it cannot be easily determined if the files have been modified by the user or not. In order to allow for later examination, all configuration files not handled by the migration scripts are stored in the dirtyconf/ directory. The list of the stored files is available in the ./kickstart/noverifycfg file. The user is advised to verify the functionality of configuration files stored by this tool after a successful upgrade. |
File Lists for Manual Migration
Rule ID | xccdf_preupg_rule_backup_UntrackedFiles_untracked |
Result | needs_inspection |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | This module generates lists of files, such as temporary, application, and user data files, which are not automatically migrated. |
SCE stdout
| |
Remediation description: Some user data, such as user home directories and temporary files, are not tracked by the RPM database. This data will not be automatically migrated. To assist you with migrating the data, this module has generated the following three files. * The ./kickstart/untrackedsystem file lists the regular files on the system that will not be migrated. The list does not contain files mounted over the network, files created by runtime system operations, files in temporary locations, and user files in the /home/ or /root/ directory. * The ./kickstart/untrackeduser file lists the regular local files in the /home/ and /root/ directories that will not be migrated. If the /home/ and /root/ directories are on a file system mounted over the network, this file can be empty. * The ./kickstart/untrackedexpected file lists the regular files and symlinks created by runtime system operations (for example handling runlevels, alternatives and active SELinux modules). Most likely you don't need to care about them, list is available just for completeness. * The ./kickstart/untrackedtemporary file lists all temporary local files on the system that will not be migrated. This is essentially everything in the /cgroup/, /tmp/, and /var/ directories. Most likely you don't need to care about them, list is available just for completeness. It is recommended that you backup all data before proceeding with the upgrade to Red Hat Enterprise Linux 7. This data can be quite large. If you are performing an in-place upgrade, this data should remain in its current location after the upgrade. Configuration files and other data should be reviewed to determine if any modifications are needed for use with Red Hat Enterprise Linux 7. You should verify that all data was successfully maintained. If you are performing a migration upgrade, this data must be backed up to another storage medium. You will need to copy the data you wish to have on the new installation back into place after the upgrade is complete. Configuration files and other data should be reviewed to determine if any modifications are needed for use with Red Hat Enterprise Linux 7. |
Bacula Backup Software
Rule ID | xccdf_preupg_rule_backup_bacula_check |
Result | notapplicable |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | This module verifies the directory permissions for the Bacula service. |
SCE stdout
|
MySQL configuration
Rule ID | xccdf_preupg_rule_databases_mysql_configuration_changes_configuration |
Result | needs_action |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | Check MySQL configuration |
SCE stdout
| |
Remediation description: During in-place upgrade, the old MySQL 5.1 RPM package is uninstalled and the new MariaDB 5.5 RPM package is installed, but RPM does not take this operations as an update. Note that the MySQL RPM renames /etc/my.cnf to /etc/my.cnf.rpmsave on uninstall. After installing MariaDB you should do the following to restore your old configuration options: root> mv -vi /etc/my.cnf.rpmsave /etc/my.cnf You can find more on: https://access.redhat.com/articles/723833 |
Migration of the MySQL data stack
Rule ID | xccdf_preupg_rule_databases_mysql_data_migration_migration |
Result | notapplicable |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | Migrate the MySQL data stack to the new version of MariaDB |
SCE stdout
|
Changes related to moving from MySQL to MariaDB
Rule ID | xccdf_preupg_rule_databases_mysql_general_changes_general |
Result | notapplicable |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | Mind that MySQL is replaced by MariaDB in default MySQL implementation |
SCE stdout
|
PostgreSQL upgrade content
Rule ID | xccdf_preupg_rule_databases_postgresql_pre |
Result | notapplicable |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | PostgreSQL upgrade content |
SCE stdout
|
GNOME Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release
Rule ID | xccdf_preupg_rule_desktop_GNOME_gnome |
Result | notapplicable |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | GNOME Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release. |
SCE stdout
|
KDE Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release
Rule ID | xccdf_preupg_rule_desktop_KDE_kde |
Result | notapplicable |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | KDE Desktop Environment underwent several design modifications in Red Hat Enterprise Linux 7 release. |
SCE stdout
|
POWER6 processors are unsupported on ppc in Red Hat Enterprise Linux 7
Rule ID | xccdf_preupg_rule_drivers_ObsoletePOWER6Processors_powerprocessor |
Result | pass |
Time | 2017-01-05T10:07:55 |
Severity | |
Identifiers and References | |
Description | POWER6 processors are unsupported on ppc architecture in Red Hat Enterprise Linux 7. |
several graphic drivers not supported in Red Hat Enterprise Linux 7
Rule ID | xccdf_preupg_rule_drivers_ObsoletedGraphicDrivers_obsoletedGraphicDrivers |
Result | notapplicable |
Time | 2017-01-05T10:07:56 |
Severity | |
Identifiers and References | |
Description | Several graphic drivers packages were deprecated or removed in Red Hat Enterprise Linux 7. |
SCE stdout
|
several input drivers not supported in Red Hat Enterprise Linux 7
Rule ID | xccdf_preupg_rule_drivers_ObsoletedInputDrivers_obsoletedInputDrivers |
Result | notapplicable |
Time | 2017-01-05T10:07:56 |
Severity | |
Identifiers and References | |
Description | Several input drivers packages were deprecated or removed in Red Hat Enterprise Linux 7. |
SCE stdout
|
several kernel networking drivers not available in Red Hat Enterprise Linux 7
Rule ID | xccdf_preupg_rule_drivers_ObsoletedNetworkDrivers_obsoletedNetworkDrivers |
Result | pass |
Time | 2017-01-05T10:07:56 |
Severity | |
Identifiers and References | |
Description | Several kernel networking drivers were removed from Red Hat Enterprise Linux 7. |
several kernel storage drivers not available in Red Hat Enterprise Linux 7
Rule ID | xccdf_preupg_rule_drivers_ObsoletedStorageDrivers_obsoletedStorageDrivers |
Result | pass |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | Several kernel storage drivers were deprecated or removed in Red Hat Enterprise Linux 7. |
BIND9 running in a chroot environment check.
Rule ID | xccdf_preupg_rule_networking_bind_bind-chroot_check_script |
Result | notapplicable |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | The way how BIND9 running in a chroot environment is started changed between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. This module checks if chroot environment specific packages for BIND9 have been installed and points the administrator to the Red Hat Knowledgebase article. |
SCE stdout
|
BIND9 configuration compatibility check
Rule ID | xccdf_preupg_rule_networking_bind_configuration_check_script |
Result | notapplicable |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | Checks BIND9 configuration compatibility File(s) affected:
|
SCE stdout
|
Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files
Rule ID | xccdf_preupg_rule_networking_dhcp_check_script |
Result | notapplicable |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | Files /etc/sysconfig/[dhcpd|dhcrelay] containing customization arguments are deprecated in favour of *.service files. The arguments are automatically moved during update. This content checks if user specified any arguments and if so, informs him about the move. |
SCE stdout
|
DNSMASQ configuration compatibility check
Rule ID | xccdf_preupg_rule_networking_dnsmasq_check_script |
Result | notapplicable |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | Checks DNSMASQ configuration compatibility File(s) affected:
|
SCE stdout
|
Dovecot configuration compatibility check
Rule ID | xccdf_preupg_rule_networking_dovecot_check_script |
Result | notapplicable |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | Checks Dovecot configuration compatibility File(s) affected:
|
SCE stdout
|
Compatibility Between iptables and ip6tables
Rule ID | xccdf_preupg_rule_networking_iptables_check_script |
Result | informational |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | The firewalld service is now the default firewall service. File(s) affected:
|
SCE stdout
| |
Remediation description: If you are migrating from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7, verify whether you have the iptables-services packages installed after performing the upgrade by running the "rpm -q iptables-services" command as root. Also, verify that iptables and ip6tables services are enabled by running the "systemctl is-enabled iptables" and "systemctl is-enabled ip6tables" commands as root. For more details about migrating the firewall service from Red Hat Enterprise Linux 6, see the section about the firewalld service in the Red Hat Enterprise Linux 7 Migration Planning guide at https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Migration_Planning_Guide/. If you perform a clean installation of Red Hat Enterprise Linux 7, the firewalld service will be installed on your system instead of iptables and ip6tables. For further details about the firewalld service, see the section about firewalls in Red Hat Enterprise Linux 7 Security Guide. You can access the guide at https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/. |
Net-SNMP check
Rule ID | xccdf_preupg_rule_networking_net-snmp_check_script |
Result | notapplicable |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | Check if Net-SNMP daemon (snmpd) is enabled. |
SCE stdout
|
Check NFSv2
Rule ID | xccdf_preupg_rule_networking_nfsv2_check |
Result | informational |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | NFSv2 is not supported since RHEL 7. Therefore check if exists configuration which requires directly NFSv2 and fix it if it's possible. |
Remediation description: NFS protocol version 2 is not supported since RHEL7. ----------------------------------------------------- |
Openldap server deamon configuration
Rule ID | xccdf_preupg_rule_networking_openldap_check |
Result | notapplicable |
Time | 2017-01-05T10:07:57 |
Severity | |
Identifiers and References | |
Description | Openldap server configuration has different format since version 2.4 |
SCE stdout
|
Check ssh configuration file and fix ssh keys
Rule ID | xccdf_preupg_rule_networking_openssh_check |
Result | fixed |
Time | 2017-01-05T10:07:58 |
Severity | |
Identifiers and References | |
Description | AuthorizedKeysCommand and AuthorizedKeysCommandUser are not accepted if they are under Match section. Server's ssh keys have different permissions and group on RHEL 7. |
Remediation description: Private server's ssh keys inside /etc/ssh have different group and permissions on RHEL 7 system. These keys will be fixed by postupgrade script. |
Check openssh-keycat
Rule ID | xccdf_preupg_rule_networking_openssh-keycat_check |
Result | needs_inspection |
Time | 2017-01-05T10:07:58 |
Severity | |
Identifiers and References | |
Description | ssh-keycat is moved to own subpackage |
SCE stdout
| |
Remediation description: ssh-keycat files (below) are moved to new package 'openssh-keycat': /etc/pam.d/ssh-keycat /usr/libexec/openssh/ssh-keycat /usr/share/doc/openssh-server-5.3p1/HOWTO.ssh-keycat If you want ssh-keycat anymore, you need install openssh-keycat package. |
Postfix configuration compatibility check
Rule ID | xccdf_preupg_rule_networking_postfix_check_script |
Result | informational |
Time | 2017-01-05T10:07:58 |
Severity | |
Identifiers and References | |
Description | Checks postfix configuration compatibility File(s) affected:
|
Remediation description: Please upgrade your configuration by: postfix upgrade-configuration If you plan to use postscreen daemon, please restart postfix service by: systemctl restart postfix There is new smtpd_relay_restrictions parameter with the built-in default settings: smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination This safety net prevents open relay problems due to mistakes with spam filter rules in smtpd_recipient_restrictions. If your site has a complex mail relay policy configured under smtpd_recipient_restrictions, this safety net may defer mail that Postfix should accept. To fix this safety net, take one of the following actions: - Set smtpd_relay_restrictions empty, and keep using the existing mail relay authorization policy in smtpd_recipient_restrictions. - Copy the existing mail relay authorization policy from smtpd_recipient_restrictions to smtpd_relay_restrictions. There is no need to change the value of smtpd_recipient_restrictions. |
Sendmail configuration compatibility check
Rule ID | xccdf_preupg_rule_networking_sendmail_check_script |
Result | notapplicable |
Time | 2017-01-05T10:07:58 |
Severity | |
Identifiers and References | |
Description | Checks sendmail configuration compatibility File(s) affected:
|
SCE stdout
|
Squid configuration compatibility check
Rule ID | xccdf_preupg_rule_networking_squid_check_script |
Result | notapplicable |
Time | 2017-01-05T10:07:58 |
Severity | |
Identifiers and References | |
Description | Checks squid configuration compatibility File(s) affected:
|
SCE stdout
|
Information about VSFTP daemon configuration
Rule ID | xccdf_preupg_rule_networking_vsftpd_check |
Result | notapplicable |
Time | 2017-01-05T10:07:58 |
Severity | |
Identifiers and References | |
Description | Directives listen and listen_ipv6 have a different behaviour on the Red Hat Enterprise Linux 7 system |
SCE stdout
|
Reusable Configuration Files
Rule ID | xccdf_preupg_rule_others_NoVersionChangeEtc_nochange |
Result | pass |
Time | 2017-01-05T10:07:59 |
Severity | |
Identifiers and References | |
Description | The module provides a list of the configuration files that can be reused in Red Hat Enterprise Linux 7. |
Check changed config files
Rule ID | xccdf_preupg_rule_others_configchanges_check |
Result | needs_inspection |
Time | 2017-01-05T10:07:59 |
Severity | |
Identifiers and References | |
Description | Print modified config noreplace files which can generate .rpmnew (or .rpmsave) files. Specially check audit.rules which is generated by /sbin/augenrules since RHEL-6.6. |
SCE stdout
| |
Remediation description: It's recommended check these config files after upgrade on RHEL7: /etc/pam.d/fingerprint-auth /etc/pam.d/password-auth /etc/pam.d/smartcard-auth /etc/pam.d/system-auth |
Rsyslog configuration icompatibility
Rule ID | xccdf_preupg_rule_others_rsyslog_check |
Result | informational |
Time | 2017-01-05T10:07:59 |
Severity | |
Identifiers and References | |
Description | There is a change with journal (and thus socket logging) and some other incompatibilities in v7 as compared with older v5 version of rsyslog. |
Remediation description: See [0] and [1] for more information about new logging system on RHEL-7 and solutions of possible compatibility problems. [0] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/s1-interaction_of_rsyslog_and_journal.html [1] http://www.rsyslog.com/doc/v7-stable/compatibility/index.html |
Searching for VCS repositories
Rule ID | xccdf_preupg_rule_others_vcsrepos_check_script |
Result | informational |
Time | 2017-01-05T10:07:59 |
Severity | |
Identifiers and References | |
Description | The module searches for Version Control System repositories Git, SVN, CVS and bzr. If it finds any, it shows them in the Remediation description. |
Remediation description: |
Information about the changes of utilities
Rule ID | xccdf_preupg_rule_packages_GenericUtilities_check |
Result | needs_inspection |
Time | 2017-01-05T10:08:00 |
Severity | |
Identifiers and References | |
Description | The module prints utilities which were replaced or removed from packages, moved into a different package or changed their location. |
SCE stdout
| |
Remediation description: Some utilities were replaced, removed, moved between packages or their path changed. Please, check your scripts for possible problems. The list below does not contain utilities from removed packages, which were not replaced by other packages or utilities which were moved into packages replacing obsolete original packages. Replaced utilities: /bin/iptables-xml-1.4.7 (iptables) — iptables-xml /sbin/iptables-1.4.7 (iptables) — iptables /sbin/iptables-multi-1.4.7 (iptables) — iptables-multi /sbin/iptables-restore-1.4.7 (iptables) — iptables-restore /sbin/iptables-save-1.4.7 (iptables) — iptables-save /sbin/ip6tables-1.4.7 (iptables-ipv6) — ip6tables /sbin/ip6tables-multi-1.4.7 (iptables-ipv6) — ip6tables-multi /sbin/ip6tables-restore-1.4.7 (iptables-ipv6) — ip6tables-restore /sbin/ip6tables-save-1.4.7 (iptables-ipv6) — ip6tables-save /usr/bin/python2.6 (python) — python2.7 /usr/bin/easy_install-2.6 (python-setuptools) — easy_install-2.7 /sbin/udevd (udev) — /usr/lib/systemd/systemd-udevd Removed utilities (some of them still have an alternative): /usr/bin/ck-history (ConsoleKit) /usr/bin/ck-launch-session (ConsoleKit) /usr/bin/ck-list-sessions (ConsoleKit) /usr/sbin/ck-log-system-restart (ConsoleKit) /usr/sbin/ck-log-system-start (ConsoleKit) /usr/sbin/ck-log-system-stop (ConsoleKit) /usr/sbin/console-kit-daemon (ConsoleKit) /usr/bin/abrt-dedup-client (abrt-addon-ccpp) — the server side no longer exists /usr/bin/abrt-cli-root (abrt-tui) /usr/bin/btparser (btparser) — see man satyr:satyr /usr/sbin/cpuspeed (cpuspeed) /usr/bin/berkeley_db_svc (db4-utils) /usr/bin/db_codegen (db4-utils) /sbin/fsck.ext4dev (e2fsprogs) — not needed /sbin/mkfs.ext4dev (e2fsprogs) — not needed /usr/bin/volname (eject) — use blkid instead /usr/bin/.fipscheck.hmac (fipscheck) /usr/bin/gdbtui (gdb) /usr/bin/update-gdk-pixbuf-loaders (gdk-pixbuf2) /usr/bin/bdftops (ghostscript) /usr/bin/dumphint (ghostscript) /usr/bin/pdfopt (ghostscript) /usr/bin/pv.sh (ghostscript) /usr/bin/update-gio-modules (glib2) /usr/sbin/tzdata-update (glibc-common) /usr/bin/gpgkey2ssh (gnupg2) /sbin/grub (grub) /sbin/grub-crypt (grub) /sbin/grub-install (grub) /sbin/grub-md5-crypt (grub) /sbin/grub-terminfo (grub) /usr/bin/mbchk (grub) /sbin/umount.hal (hal) /usr/bin/hal-device (hal) /usr/bin/hal-disable-polling (hal) /usr/bin/hal-find-by-capability (hal) /usr/bin/hal-find-by-property (hal) /usr/bin/hal-get-property (hal) /usr/bin/hal-is-caller-locked-out (hal) /usr/bin/hal-lock (hal) /usr/bin/hal-set-property (hal) /usr/bin/hal-setup-keymap (hal) /usr/bin/lshal (hal) /usr/sbin/hald (hal) /sbin/fstab-decode (initscripts) /sbin/getkey (initscripts) /sbin/securetty (initscripts) /sbin/setsysfont (initscripts) /usr/sbin/krb5-send-pr (krb5-workstation) /usr/sbin/togglesebool (libselinux-utils) /usr/bin/man2html (man) — man -H, see more "man man" and "man groff" /usr/sbin/makewhatis (man) /sbin/microcode_ctl (microcode_ctl) /sbin/mingetty (mingetty) — obsoleted by agetty:util-linux /sbin/insmod.static (module-init-tools) — not needed in kmod /sbin/nfs_cache_getent (nfs-utils) — not needed anymore by kernel /usr/bin/.ssh.hmac (openssh-clients) /usr/sbin/.sshd.hmac (openssh-server) /usr/bin/dprofpp (perl) — you can install Devel-DProf from CPAN /usr/bin/perl5.10.1 (perl) — newer version /usr/bin/lwp-rget (perl-libwww-perl) — not maintained anymore /usr/bin/rhgb-client (plymouth) — use plymouth /usr/sbin/open_init_pty (policycoreutils) — not needed anymore due to systemd /usr/sbin/run_init (policycoreutils) — not needed anymore due to systemd /usr/bin/assistant_adp (qt-x11) /sbin/readahead (readahead) /sbin/readahead-collector (readahead) /usr/bin/rpmargs (rpmdevtools) — fakeroot is removed /usr/bin/rpmelfsym (rpmdevtools) — fakeroot is removed /usr/bin/rpmfile (rpmdevtools) — fakeroot is removed /usr/bin/rpmpeek (rpmdevtools) — fakeroot is removed /usr/bin/rpmsodiff (rpmdevtools) — fakeroot is removed /usr/bin/rpmsoname (rpmdevtools) — fakeroot is removed /usr/bin/findsmb (samba-client) — low usage, but might be added at later /usr/bin/smbta-util (samba-client) /usr/bin/seekwatcher (seekwatcher) — use iowatcher /usr/bin/theora_player.bin (theora-tools) /sbin/scsi_id (udev) /sbin/start_udev (udev) /sbin/initctl (upstart) — functionality implemented in systemd /sbin/reload (upstart) — functionality implemented in systemd /sbin/restart (upstart) — functionality implemented in systemd /sbin/start (upstart) — functionality implemented in systemd /sbin/status (upstart) — functionality implemented in systemd /sbin/stop (upstart) — functionality implemented in systemd /sbin/mount.tmpfs (util-linux-ng) — see man 8 mount /usr/bin/ddate (util-linux-ng) — useless /usr/bin/floppy (util-linux-ng) — obsolete /usr/sbin/tunelp (util-linux-ng) — obsolete /sbin/vconfig (vconfig) — see man ip from iproute /usr/sbin/ypserv_test (yp-tools) — low usage Utilities moved between packages (with the same location): /bin/su (coreutils) -> (util-linux) /sbin/runuser (coreutils) -> (util-linux) /bin/cgclassify (libcgroup) -> (libcgroup-tools) /bin/cgcreate (libcgroup) -> (libcgroup-tools) /bin/cgdelete (libcgroup) -> (libcgroup-tools) /bin/cgexec (libcgroup) -> (libcgroup-tools) /bin/cgget (libcgroup) -> (libcgroup-tools) /bin/cgset (libcgroup) -> (libcgroup-tools) /bin/cgsnapshot (libcgroup) -> (libcgroup-tools) /bin/lscgroup (libcgroup) -> (libcgroup-tools) /bin/lssubsys (libcgroup) -> (libcgroup-tools) /sbin/cgclear (libcgroup) -> (libcgroup-tools) /sbin/cgconfigparser (libcgroup) -> (libcgroup-tools) /sbin/cgrulesengd (libcgroup) -> (libcgroup-tools) /sbin/matchpathcon (libselinux) -> (libselinux-utils) /sbin/blkdeactivate (lvm2) -> (device-mapper) /bin/mountpoint (sysvinit-tools) -> (util-linux) /sbin/sulogin (sysvinit-tools) -> (util-linux) |
Check packages from other variants
Rule ID | xccdf_preupg_rule_packages_InterVariants_check |
Result | needs_action |
Time | 2017-01-05T10:08:03 |
Severity | |
Identifiers and References | |
Description | Packages from different variants could be installed on system. Print these packages which are from other variants. |
SCE stdout
| |
Remediation description: Some Red Hat signed packages are appointed for different variant RHEL systems. In this case we don't support inplace upgrade to new RHEL-7 systems with these packages. These packages will be probably removed: preupgrade-assistant preupgrade-assistant-el6toel7 preupgrade-assistant-el6toel7-data redhat-upgrade-tool |
Checking for load balancer support.
Rule ID | xccdf_preupg_rule_packages_LoadBalanceSupport_check |
Result | notapplicable |
Time | 2017-01-05T10:08:06 |
Severity | |
Identifiers and References | |
Description | The module checks for load balancer support on the system. |
Packages not signed by Red Hat
Rule ID | xccdf_preupg_rule_packages_NonRHSignedPkg_nonrhpkg |
Result | needs_action |
Time | 2017-01-05T10:08:10 |
Severity | |
Identifiers and References | |
Description | Packages not signed by Red Hat will not be upgraded |
SCE stdout
| |
Remediation description: Packages which are not signed with the official Red Hat keys will not be upgraded. These packages are typically provided by third parties or have been modified in some way. There is a high risk of incompatibility with these packages as they have not been verified by Red Hat. For upgrade assistance, contact the vendors of these packages. You can find a list of all unsigned packages including the vendor names in the kickstart/nonrhpkgs file. |
Obsoleted rpms
Rule ID | xccdf_preupg_rule_packages_ObsoletedPackages_ObsoletedPkg |
Result | needs_inspection |
Time | 2017-01-05T10:08:13 |
Severity | |
Identifiers and References | |
Description | Some rpms were obsoleted from the set of the packages between RHEL 6 and RHEL 7. This content checks for the package obsoletes from your set of Red Hat packages. |
SCE stdout
| |
Remediation description: Some packages were obsoleted between RHEL 6 and RHEL 7. Red Hat provides alternatives for them, but these alternatives may not be 100% compatible. Because of this, we don't replace them automatically. For some of the obsoleted packages you will get the incompatibilities list from separate preupgrade contents and you can adjust your migration or upgrade as required. Sometimes, the functionality of a package requires more than one new package to acheive the same functionality. Please Note: All packages from the debug repositories are skipped and Red Hat recommends that you remove them before upgrade. The following packages are obsoleted and replaced by new ones: ConsoleKit was obsoleted by systemd btparser was obsoleted by satyr cpuspeed was obsoleted by kernel-tools,kernel eggdbus was obsoleted by glib2 grub was obsoleted by grub2 hal was obsoleted by systemd mingetty was obsoleted by util-linux mysql-libs was obsoleted by mariadb-libs pam_passwdqc was obsoleted by libpwquality readahead was obsoleted by systemd seekwatcher was obsoleted by iowatcher udev was obsoleted by systemd upstart was obsoleted by systemd vconfig was obsoleted by iproute If a Non Red Hat signed package requires these packages, you may need to check if the alternative solution provided by Red Hat works for you. You may need to get the missing package from a source other than the RHEL repositories. You will need to install these new packages yourself after the assessment, as Red Hat cannot assess the suitablility of the replacements for your workload. |
w3m not available in Red Hat Enterprise Linux 7
Rule ID | xccdf_preupg_rule_packages_ObsoletedW3m_obsoletedw3m |
Result | notapplicable |
Time | 2017-01-05T10:08:13 |
Severity | |
Identifiers and References | |
Description | The w3m package is not available in Red Hat Enterprise Linux 7. |
SCE stdout
|
report incompatibilities between Red Hat Enterprise Linux 6 and 7 in qemu-guest-agent package
Rule ID | xccdf_preupg_rule_packages_QemuGuestAgent_qemuGuestAgent |
Result | notapplicable |
Time | 2017-01-05T10:08:13 |
Severity | |
Identifiers and References | |
Description | Report incompatibilities between Red Hat Enterprise Linux 6 and 7 in qemu-guest-agent package. |
SCE stdout
|
Information about removed options in grep binaries
Rule ID | xccdf_preupg_rule_packages_RemovedOptions_grep_check |
Result | informational |
Time | 2017-01-05T10:08:13 |
Severity | |
Identifiers and References | |
Description | The module prints a list of command line options which were removed or deprecated in the packages. |
Remediation description: Option "-K" was removed from grep, egrep and fgrep utilities on Red Hat Enterprise Linux 7 system. This option was not documented before on Red Hat Enterprise Linux 6. |
Information about removed or deprecated options in util-linux (util-linux-ng) binaries
Rule ID | xccdf_preupg_rule_packages_RemovedOptions_util-linux_check |
Result | informational |
Time | 2017-01-05T10:08:13 |
Severity | |
Identifiers and References | |
Description | The module prints a list of command line options which were removed or deprecated in the packages. |
Remediation description: Some options were removed or deprecated from util-linux-ng (on Red Hat Enterprise Linux 7 it is renamed back to util-linux) package binaries between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. This may break the functionality of some of your scripts. All option removals with the solutions are listed below. blkid: -w - option is deprecated (undocumented on Red Hat Enterprise Linux 7) fallocate: --lenght - replaced by --length findmnt --fsroot - replaced by --nofsroot losetup: -s - short option removed, available only --show mount: -p, --pass-fd - options are deprecated (undocumented on Red Hat Enterprise Linux 7) partx: --gpt - undocumented and removed readprofile: -t - removed sfdisk: -? - replaced by -h blkid, fsck, hexdump, hwclock, mkfs, mount, renice: -v is deprecated and replaced by -V (print version) |
Removed rpms
Rule ID | xccdf_preupg_rule_packages_RemovedPackages_RemovedPkg |
Result | needs_action |
Time | 2017-01-05T10:08:19 |
Severity | |
Identifiers and References | |
Description | Some rpms were removed from the set of the packages between RHEL 6 and RHEL 7. This content checks for the package removals from your set of Red Hat packages. |
SCE stdout
| |
Remediation description: Some of the packages were removed between RHEL 6 and RHEL 7. This may break the upgrade for some of your packages. We are not aware of any compatible replacement for these packages. Following packages are no longer available: ConsoleKit-libs MAKEDEV atmel-firmware b43-fwcutter b43-openfwwf busybox cas dash fakeroot fakeroot-libs hal-info hal-libs ipa-python ipw2100-firmware ipw2200-firmware lcms-libs libertas-usb8388-firmware libgssglue libnih libtopology mesa-dri1-drivers pcmciautils python-argparse python-crypto python-iwlib python-paramiko system-config-network-tui wireless-tools zd1211-firmware If some NonRH signed package requires these packages, you may need to ask your vendor to provide alternative solution or get the missing package from different sources than RHEL. |
taskjuggler not available in Red Hat Enterprise Linux 7
Rule ID | xccdf_preupg_rule_packages_RemovedTaskjuggler_removedtj |
Result | notapplicable |
Time | 2017-01-05T10:08:19 |
Severity | |
Identifiers and References | |
Description | The taskjuggler packages are not available in Red Hat Enterprise Linux 7. |
SCE stdout
|
Replaced rpms
Rule ID | xccdf_preupg_rule_packages_ReplacedPackages_ReplacedPkg |
Result | needs_action |
Time | 2017-01-05T10:08:32 |
Severity | |
Identifiers and References | |
Description | Some rpms were replaced between RHEL 6 and RHEL 7. This content checks for the package replacements from your set of Red Hat packages and generates the list of replaced RH packages for RHEL 7 kickstart. |
SCE stdout
| |
Remediation description: Between RHEL 6 and RHEL 7, some packages have either been replaced or renamed. Replacement packages are compatible with previous versions. In some cases, preupgrade assistant will migrate the package after the upgrade has completed. Please Note: This tool will not check debug repositories. Red Hat recommends that all debuginfo packages are removed before upgrade and manually reinstalled as required on the upgraded system. The following packages were replaced: Red_Hat_Enterprise_Linux-Release_Notes-6-en-US was replaced by Red_Hat_Enterprise_Linux-Release_Notes-7-en-US bfa-firmware was replaced by linux-firmware coreutils-libs was replaced by coreutils cryptsetup-luks was replaced by cryptsetup cryptsetup-luks-libs was replaced by cryptsetup-libs db4 was replaced by libdb db4-cxx was replaced by libdb-cxx (optional channel in RHEL 7) db4-devel was replaced by libdb-devel db4-utils was replaced by libdb-utils dracut-kernel was replaced by dracut eject was replaced by util-linux iptables-ipv6 was replaced by iptables-services jpackage-utils was replaced by javapackages-tools kernel-firmware was replaced by linux-firmware libudev was replaced by systemd-libs libusb1 was replaced by libusbx man was replaced by man-db mesa-dri-filesystem was replaced by mesa-filesystem module-init-tools was replaced by kmod nfs-utils-lib was replaced by libnfsidmap perl-Compress-Zlib was replaced by perl-IO-Compress perl-IO-Compress-Base was replaced by perl-IO-Compress perl-IO-Compress-Bzip2 was replaced by perl-IO-Compress perl-IO-Compress-Zlib was replaced by perl-IO-Compress procps was replaced by procps-ng ql2100-firmware was replaced by linux-firmware ql2200-firmware was replaced by linux-firmware ql23xx-firmware was replaced by linux-firmware ql2400-firmware was replaced by linux-firmware ql2500-firmware was replaced by linux-firmware qt-sqlite was replaced by qt redhat-lsb-compat was replaced by redhat-lsb-core redhat-lsb-graphics was replaced by redhat-lsb-desktop rt61pci-firmware was replaced by linux-firmware rt73usb-firmware was replaced by linux-firmware samba4-libs was replaced by samba-libs util-linux-ng was replaced by util-linux xorg-x11-drv-ati-firmware was replaced by linux-firmware yum-plugin-security was replaced by yum If a Non Red Hat signed package requires these packages, you may want to monitor them closely. Although the replacement should be compatible, it may have some minor differences, even in the case of common application lifecycles. One or more replacement packages are available only in other repositories. You need to provide these repositories to make the upgrade or migration successful. Be aware, that for in-place upgrades, only the optional repository is supported. Packages from other repositories should be removed first. For this purpose, if you want to upgrade, use the following additional option to redhat-upgrade-tool: --addrepo rhel-7-optional=<path to the optional repository> Alternatively, you could remove all packages where the replacement is part of the RHEL 7 Optional repository before you start the system upgrade. If you want to migrate, you will need register your machine with subscription-manager after the first boot of your new system and attach subscriptions that provide: Red Hat Enterprise Linux 7 Server - Optional (RPMs) Red Hat Enterprise Linux 7 Server (RPMs) Then you must enable any equivalent repositories (if they are disabled) and install any needed packages. For this purpose (installation), you can run a prepared script: /root/preupgrade/noauto_postupgrade.d/install_rpmlist.sh /root/preupgrade/kickstart/RHRHEL7rpmlist_replaced-notbase which will install any remaining available packages from these repositories. |
GMP library incompatibilities
Rule ID | xccdf_preupg_rule_packages_gmp_check_script |
Result | informational |
Time | 2017-01-05T10:08:32 |
Severity | |
Identifiers and References | |
Description | Incompatibilities between GMP 4 and GMP 5.1 libraries. |
Remediation description: GMP 6 is compatible with GMP 4 in major features. Incompatible changes affect only functions, which should not be used by user applications at all: - mpn_bdivmod function - BSDMP-like interface libmp.so |
Packages providing 'java' changed
Rule ID | xccdf_preupg_rule_packages_java-provide_checkscript |
Result | informational |
Time | 2017-01-05T10:08:32 |
Severity | |
Identifiers and References | |
Description | Install java after upgrade if java is currently installed |
Remediation description: In Red Hat Enterprise Linux 7, different rpm packages provide 'java' than in Red Hat Enterprise Linux 6. This can cause missing 'java' virtual provide on upgraded system and break 3rd party packages that depend on 'java'. Postupgrade script will install java after upgrade. |
RHEL not-base channels required
Rule ID | xccdf_preupg_rule_packages_notbase-channel_check |
Result | needs_action |
Time | 2017-01-05T10:08:41 |
Severity | |
Identifiers and References | |
Description | Detects upgrade problems with RHEL 'not-base' channels |
SCE stdout
| |
Remediation description: Some installed packages are either from outside of the base channel for Red Hat Enterprise Linux 6, or replaced by a package in a RHEL 7 non base channel. Repositories such as 'Optional' will cause this message. This will probably cause a failure in the upgrade of your system. The following packages are affected: flac (optional channel) groff (optional channel) liboil (optional channel) libproxy-bin (optional channel) libproxy-python (optional channel) libreport-compat (optional channel) libreport-plugin-kerneloops (optional channel) libreport-plugin-logger (optional channel) openscap-engine-sce (optional channel) system-config-firewall-tui (optional channel) xz-lzma-compat (optional channel) To enable the updating of packages that are now located in the RHEL 7 Optional repository, please provide the location of the Optional channel repository to redhat-upgrade-tool. The syntax for the additional parameter is: --addrepo rhel-7-optional=<path to the optional repository> Alternatively, you could remove all packages which reside in the RHEL 7 Optional repository before starting the system upgrade. One or more packages are available only in other repositories. If you want to install them later, you will need to attach subscriptions that provide: Red Hat Enterprise Linux 7 Server - Optional (RPMs) Red Hat Enterprise Linux 7 Server (RPMs) Then you must enable any equivalent repositories (if they are disabled) and install any needed packages. For this purpose, you can run a prepared script: /root/preupgrade/noauto_postupgrade.d/install_rpmlist.sh <path/to/pkglist-file> See /root/preupgrade/kickstart/README for details on 'pkglist' files. |
package downgrades
Rule ID | xccdf_preupg_rule_packages_pkgdowngrades_pkgdowngrades |
Result | fixed |
Time | 2017-01-05T10:08:43 |
Severity | |
Identifiers and References | |
Description | detects package downgrades from RHEL6 to RHEL7 |
SCE stdout
| |
Remediation description: Some packages installed on your system have broken upgrade path from Red Hat Enterprise Linux version 6 to version 7 (the version of package is lower in newer Enterprise Linux). This does not cause fail of redhat-upgrade-tool run and it could potentially left system in inconsistent state (mixed RHEL 6 and RHEL 7 packages installed). Pre-upgrade scripts makes best effort to force redhat-upgrade-tool in-place upgrade process install packages with broken upgrade path but you should be aware of that and know what is happening. Optionally, if possible, you may remove packages in question from RHEL 6 system. |
SELinux Custom Policy
Rule ID | xccdf_preupg_rule_selinux_CustomPolicy_check |
Result | fixed |
Time | 2017-01-05T10:08:43 |
Severity | |
Identifiers and References | |
Description | Solve problem with custom SE policy modules after migration |
Remediation description: Custom SELinux policy modules couldn't be found by sesearch. This is fixed by removing selinux module sandbox.pp which is repalced by sandboxX.pp and is disabled by default on RHEL7 systems. This solve some other issues between sandbox.pp and sandboxX.pp too. So module is removed be default now by postcript: /root/preupgrade/postupgrade.d/fix_SELinuxCustomPolicy.sh |
restore custom selinux configuration
Rule ID | xccdf_preupg_rule_selinux_RestoreConfig_restoreConfig |
Result | notapplicable |
Time | 2017-01-05T10:08:43 |
Severity | |
Identifiers and References | |
Description | Content with postupgrade script that restores custom selinux configuration. |
SCE stdout
|
General
Rule ID | xccdf_preupg_rule_selinux_general_check |
Result | needs_action |
Time | 2017-01-05T10:08:43 |
Severity | |
Identifiers and References | |
Description | There has to be some steps performed in order to have working SELinux on RHEL 7. |
SCE stdout
| |
Remediation description: We have detected that you are using SELinux. There were changes in policies which require to apply custom command before upgrade process. In order to have working SELinux on Red Hat Enterprise Linux 7, you HAVE TO run command prior to running redhat-upgrade-tool: semodule -r sandbox |
samba shared directories selinux
Rule ID | xccdf_preupg_rule_selinux_samba_check_script |
Result | notapplicable |
Time | 2017-01-05T10:08:43 |
Severity | |
Identifiers and References | |
Description | Samba shared directories that might need their selinux context restored. |
SCE stdout
|
CUPS Browsing/BrowsePoll configuration
Rule ID | xccdf_preupg_rule_services_cupsbrowsing_cupsbrowsing |
Result | fixed |
Time | 2017-01-05T10:08:43 |
Severity | |
Identifiers and References | |
Description | The CUPS Browsing and BrowsePoll configuration directives have been removed from CUPS. A replacement is provided in the form of the cups-browsed service. File(s) affected:
|
Remediation description: The Browsing and BrowsePoll configuration directives have been removed from CUPS. The cups-browsed service replaces these two directives. This module identifies possible incompatibilities in the configuration file. The browsing configuration using the CUPS Browsing protocol has been migrated to the cleanconf/etc/cups/cups-browsed.conf file, and the cups-browsed service will be enabled after upgrade. |
CVS Package Split
Rule ID | xccdf_preupg_rule_services_cvs_checkscript |
Result | informational |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Some Concurrent Versions System (CVS) tools and documentation have been moved into separate packages and are no longer provided by the cvs packages. |
Remediation description: The Concurrent Versions System (CVS) server and client have not been changed significantly and should be fully compatible. However, some tools and documentation have been moved to other packages which could concern some users. The rcs2log and contrib utilities have been moved into the new cvs-contrib packages in order to remove the cvs packages dependency on perl and reduce the size of the cvs packages. If you require the rcs2log and contrib tools, you can install the packages manually by running the "yum install cvs-contrib" command as root. Additional documentation, such as books concerning CVS tools in the PDF format and revision control system (RCS) specification files, has been moved into the new cvs-doc package to reduce the size of the cvs packages. If you want to access this additional documentation, install the package manually by running the "yum install cvs-doc" command as root. The manual and Texinfo pages are still included in the cvs packages. These utilities and the supplemental documentation are not used by the CVS client or server. Their absence does not pose a risk when upgrading the cvs packages. |
FreeRADIUS Upgrade Verification
Rule ID | xccdf_preupg_rule_services_freeradius_check_script |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | This module determines if there is a version of the FreeRADIUS service prior to version 3.x installed on the system. These earlier versions have an incompatible configuration and need to be configured manually using the resources mentioned below. |
SCE stdout
|
Checking httpd configuration compatibility
Rule ID | xccdf_preupg_rule_services_httpd_check_script |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | The module checks the httpd configuration compatibility File(s) affected:
|
SCE stdout
|
bind-dyndb-ldap
Rule ID | xccdf_preupg_rule_services_ipa_bind-dyndb-ldap_check |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Check configuration file for bind-dyndb-ldap plug-in. File(s) affected:
|
SCE stdout
|
Identity Management Server compatibility check
Rule ID | xccdf_preupg_rule_services_ipa_ipa-server_check_script |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Checks Identity Management Server (IPA) configuration compatibility File(s) affected:
|
SCE stdout
|
IPA Server CA Verification
Rule ID | xccdf_preupg_rule_services_ipa_pki-ca_check |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | This module verifies the IPA CA configuration compatibility. File(s) affected:
|
SCE stdout
|
NTP configuration
Rule ID | xccdf_preupg_rule_services_ntp_configuration_ntp |
Result | pass |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Save ntp and ntpdate configuration files which are not tracked by rpm. File(s) affected:
|
Information on time-sync.target
Rule ID | xccdf_preupg_rule_services_ntp_timesync_timesync |
Result | pass |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Check if ntpdate service is enabled and print information on starting services with clock set |
OpenLDAP /etc/sysconfig and data compatibility
Rule ID | xccdf_preupg_rule_services_openldap_check |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Some shell variables and minor syntax have been changed in the OpenLDAP sysconfig file between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. This module detects such changes and advices the user with possible solution. The module also advices the user on how to proceed with a database upgrade. File(s) affected:
|
SCE stdout
|
OpenSSH sshd_config migration content
Rule ID | xccdf_preupg_rule_services_openssh_sshd_openssh-sshd |
Result | pass |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | This content has a aim to convert /etc/ssh/sshd_config file from openssh-server package File(s) affected:
|
OpenSSH sysconfig migration content
Rule ID | xccdf_preupg_rule_services_openssh_sysconfig_openssh-sysconfig |
Result | fixed |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | This content has a aim to convert /etc/sysconfig/sshd file from openssh-server package File(s) affected:
|
SCE stdout
| |
Remediation description: /etc/sysconfig/sshd will not be a shell script in RHEL 7 anymore so all 'export VARIABLE=VALUE' has to be changed to 'VARIABLE=VALUE'. # sed -i 's/^export //' /etc/sysconfig/sshd There is the /root/preupgrade/cleanconf//etc/sysconfig/sshd with the fixed configuration. |
Configuration for quota_nld service
Rule ID | xccdf_preupg_rule_services_quota_nld_configuration_checkscript |
Result | pass |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Back configuration for quota_nld service up File(s) affected:
|
Disk quota netlink message daemon moved into quota-nld package
Rule ID | xccdf_preupg_rule_services_quota_nld_new_package_checkscript |
Result | pass |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Install quota-nld package if the quota_nld service is enabled |
SSSD compatibility check
Rule ID | xccdf_preupg_rule_services_sssd_check |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | 'Checks sssd configuration compatibility' File(s) affected:
|
Detect LUKS devices using Whirlpool for password hash.
Rule ID | xccdf_preupg_rule_storage_cryptsetup-luks_detect-whirlpool-hash |
Result | pass |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | 'Whirlpool hash implementation in libgcrypt of version <= 1.5.3 is broken. This content checks current system for presence of LUKS devices possibly using the bogus hash. In target system libgcrypt library is patched to use correct implementation so after reboot the freshly updated system may remain with LUKS devices imposibble to unlock.' File(s) affected:
|
SCE stdout
|
Clvmd and cmirrord daemon management.
Rule ID | xccdf_preupg_rule_storage_lvm2-cluster_check_lvm2_cluster |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | The clvmd and cmirrord daemon needs to be defined as 'clvm' cluster resource instead of running it as a system service. |
SCE stdout
|
State of LVM2 services.
Rule ID | xccdf_preupg_rule_storage_lvm2-services_check_lvm2_services |
Result | fixed |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Some services are important for proper LVM functionality. This content checks for current state of existing services and makes sure the state is preserved over upgrade. Also, some systemd units should be enabled by default to allow for service's on-demand activation if needed. |
SCE stdout
| |
Remediation description: RHEL7 uses systemd for service management. When upgrading from RHEL6, we need to be sure that certain services (systemd units) are enabled or prepared for on-demand activation. The LVM2 monitoring service inherits the old state, which means that if the 'lvm2-monitor' service was enabled in RHEL6, it will also be enabled in RHEL7 (lvm2-monitor.service) and vice versa. In addition to that these systemd units are enabled to allow for on-demand service activation: dm-event.socket lvm2-lvmetad.socket The dm-event.socket is used for on-demand activation of dm-event.service. This is an essential part of device-mapper monitoring feature (which also covers monitoring of LVM devices). The lvm2-lvmetad.socket is used for on-demand activation of lvm2-lvmetad.service which starts the lvmetad - LVM metadata daemon that is used to cache LVM metadata so LVM commands don't need to scan devices all the time and they can reuse cached metadata. This functionality is used by default in RHEL7. |
device-mapper-multipath configuration compatibility check
Rule ID | xccdf_preupg_rule_storage_multipath_check |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Checks multipath configuration compatibility. Also, removes old udev multipath rules. File(s) affected:
|
SCE stdout
|
Removal of scsi-target-utils
Rule ID | xccdf_preupg_rule_storage_tgtd_obsoletedtgtd |
Result | notapplicable |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | The scsi-target-utils packages are no longer available in Red Hat Enterprise Linux 7. File(s) affected:
|
SCE stdout
|
Configuration for warnquota tool
Rule ID | xccdf_preupg_rule_storage_warnquota_configuration_checkscript |
Result | pass |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Back configuration for warnquota tool up File(s) affected:
|
Disk quota tool warnquota moved into quota-warnquota package
Rule ID | xccdf_preupg_rule_storage_warnquota_new_package_checkscript |
Result | informational |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Install quota-warnquota if need warnquota tool |
Remediation description: Quota tool warnquota(8) has been moved from "quota" package into "quota-warnquota" package. If you used warnquota on the old system, please install quota-warnquota package with this command on the new system: # yum --assumeyes install quota-warnquota Please do not forget to check warnquota configutation files (/etc/quotagrpadmins, /etc/quotatab, and /etc/warnquota.conf) before using the tool. Please do not forget to install a cron job to execute the warnquota tool periodically, if you used it on the the old system. |
Check for Add-On availability
Rule ID | xccdf_preupg_rule_system_AddOns_addons |
Result | needs_action |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | Content checks availability of High Availability, ResilientStorage and LoadBalancer Add-Ons. |
SCE stdout
| |
Remediation description: The following Add-Ons were detected on the system. |
Information about the supported architecture
Rule ID | xccdf_preupg_rule_system_Architecture_architecture |
Result | pass |
Time | 2017-01-05T10:08:44 |
Severity | |
Identifiers and References | |
Description | The module informs that Red Hat Enterprise Linux 7 does not support installations or performing an in-place upgrade on 32-bit architectures. |
Binary rebuilds
Rule ID | xccdf_preupg_rule_system_BinariesRebuild_check |
Result | pass |
Time | 2017-01-05T10:09:12 |
Severity | |
Identifiers and References | |
Description | Check all binaries installed on the assessment system which needs to be rebuilded on the target system |
Debuginfo packages
Rule ID | xccdf_preupg_rule_system_Debuginfo_debuginfo |
Result | pass |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | This content checks for debuginfo packages and inform about potential risks for in-place upgrade. |
Read Only FHS directories
Rule ID | xccdf_preupg_rule_system_FHS_ReadOnlyFHS_check_script |
Result | pass |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | Check that critical directories of Filesystem Hierarchy Standard are not mounted read-only. |
SCE stdout
|
Check FHS for /var incompabilities.
Rule ID | xccdf_preupg_rule_system_FHS_Run_check |
Result | informational |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | Since RHEL 7 are some changes in FHS, which could be in conflicts with old system (e.g. movement /var/run -> /run). |
Remediation description: Since RHEL 7 exists '/run' directory where tmpfs is mounted for runtime data. Original '/var/run' is symlink to this directory and likewise '/var/lock' points to the '/run/lock/' now. '/run' directory is emptied on reboot, so all runtime files must be created on boot again. See RHEL 7 Migration Planning Guidelines. |
In-place Upgrade Requirements for the /usr/ Directory
Rule ID | xccdf_preupg_rule_system_FHS_UsrPartition_usr |
Result | pass |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | This module determines if the /usr/ directory is located on a separate partition. |
Cluster and High Availability
Rule ID | xccdf_preupg_rule_system_HA-Cluster_ha-cluster_hacluster |
Result | pass |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | Content checks Cluster and High Availability solutions for upgrade. |
Quorum implementation
Rule ID | xccdf_preupg_rule_system_HA-Cluster_quorum_quorum |
Result | notapplicable |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | Content checks quorum implementation for upgrade. |
SCE stdout
|
fix krb5kdc config file
Rule ID | xccdf_preupg_rule_system_KrbMigration_krbMigration |
Result | notapplicable |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | The content that fixes the /etc/sysconfig/krb5kdc file. |
SCE stdout
|
File Systems, Partitions and Mounts Configuration Review
Rule ID | xccdf_preupg_rule_system_PartitionMounts_partmounts |
Result | informational |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | This module describes the new default file system and stores the partitions and mounts configuration. |
Remediation description: Red Hat Enterprise Linux 7 now uses the XFS file system as the default file system instead of the ext4 file system. If you intend to migrate the system to another machine or create a new file system, you can consider using XFS instead of ext4. Users who use a Kickstart installation can consider modifying the Kickstart configuration to use XFS. Additionally, information about the partitions and mounts configuration has been saved in the /root/preupgrade/kickstart/ directory. This information can be useful to users who choose to perform a system migration or convert their file systems to XFS. |
Removable media in fstab
Rule ID | xccdf_preupg_rule_system_RemovableMedia_check_script |
Result | informational |
Time | 2017-01-05T10:09:15 |
Severity | |
Identifiers and References | |
Description | Warn about removable media preventing boot |
Remediation description: If there are any removable media listed in /etc/fstab, it is necessary to add "nofail" flag to each one of them. Red Hat Enterprise Linux 7 will fail to boot if the medium is not present and "nofail" is not specified. It is not possible to check this automatically with 100% confidence. Please check your /etc/fstab. |
Sonamebumped libs
Rule ID | xccdf_preupg_rule_system_SonameBump_SonameBump |
Result | needs_inspection |
Time | 2017-01-05T10:09:25 |
Severity | |
Identifiers and References | |
Description | If the dynamic library breaks the API/ABI compatibility, it is supposed to change its soname. This content checks for the soname bumps between RHEL 6 and RHEL 7 in your Red Hat packages. |
SCE stdout
| |
Remediation description: Application developed in C may use dynamic libraries (.so files) to reuse the common functions/symbols in the binary. If the library bumped its soname ( changed major version, API/ABI incompatibility), application that depends on it may not run. Some of the libraries changed the soname version between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. From your RHEL 6 packages, following libraries changed soname: libanonymous.so.2 from cyrus-sasl-lib changed to libanonymous.so.3 libbind9.so.80 from bind-libs changed to libbind9.so.90 libcryptsetup.so.1 from cryptsetup-luks-libs changed to libcryptsetup.so.4 libdns.so.81 from bind-libs changed to libdns.so.100 libdrm_nouveau.so.1 from libdrm changed to libdrm_nouveau.so.2 libffi.so.5 from libffi changed to libffi.so.6 libgdbm.so.2 from gdbm changed to libgdbm.so.4 libgmp.so.3 from gmp changed to libgmp.so.10 libgnutls.so.26 from gnutls changed to libgnutls.so.28 libgnutlsxx.so.26 from gnutls changed to libgnutlsxx.so.28 libgs.so.8 from ghostscript changed to libgs.so.9 libgssapiv2.so.2 from cyrus-sasl-gssapi changed to libgssapiv2.so.3 libhwloc.so.1 from hwloc changed to libhwloc.so.5 libisc.so.83 from bind-libs changed to libisc.so.95 libisccc.so.80 from bind-libs changed to libisccc.so.90 libisccfg.so.82 from bind-libs changed to libisccfg.so.90 libkadm5srv_mit.so.8 from krb5-libs changed to libkadm5srv_mit.so.10 libkdb5.so.6 from krb5-libs changed to libkdb5.so.8 liblogin.so.2 from cyrus-sasl-plain changed to liblogin.so.3 libltaudit.so.0.5.9 from latrace changed to libltaudit.so.0.5.11 liblwres.so.80 from bind-libs changed to liblwres.so.90 liblzma.so.0 from xz-libs changed to liblzma.so.5 libmysqlclient.so.16 from mysql-libs changed to libmysqlclient.so.18 libpcre.so.0 from pcre changed to libpcre.so.1 libplain.so.2 from cyrus-sasl-plain changed to libplain.so.3 libpoppler.so.5 from poppler changed to libpoppler.so.46 libproxy.so.0 from libproxy changed to libproxy.so.1 librpm.so.1 from rpm-libs changed to librpm.so.3 librpmbuild.so.1 from rpm-libs changed to librpmbuild.so.3 librpmio.so.1 from rpm-libs changed to librpmio.so.3 libsasl2.so.2 from cyrus-sasl-lib changed to libsasl2.so.3 libsasldb.so.2 from cyrus-sasl-lib changed to libsasldb.so.3 libtasn1.so.3 from libtasn1 changed to libtasn1.so.6 libudev.so.0 from libudev changed to libudev.so.1 libverto.so.0 from krb5-libs changed to libverto.so.1 We checked the requirements in Non-RH signed packages, but for the non rpm-packaged binaries, you should check the compatibility list yourself by using e.g. ldd <binary> command. If some of your application uses the library on the list above, you will need to rebuild such package/application against new library. Red Hat Enterprise Linux applications available on the RHEL 7 will handle these bumps automatically by the update/migration to new Red Hat Enterprise Linux as they were already built against these libraries. |
SonameKept Reusable Dynamic Libraries
Rule ID | xccdf_preupg_rule_system_SonameKept_SonameKept |
Result | informational |
Time | 2017-01-05T10:09:34 |
Severity | |
Identifiers and References | |
Description | The module provides an overview of the dynamic libraries from Red Hat Enterprise Linux 6 that can be reused in Red Hat Enterprise Linux 7, as the dynamic libraries remain compatible with both the application programming interface (API) and the application binary interface (ABI). |
Remediation description: Applications developed in the C programming language can use dynamic libraries (.so files) to reuse common functions and symbols in the binary. When the library changes its soname in a major version, the binaries normally need to be rebuilt for the new system. Some libraries have not changed their soname between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 so it could be possible to reuse third party applications which use only these libraries without rebuilding. You can find the list of the unchanged dynamic libraries and their package names in the following file: ./kickstart/NoSonameBumpLibs If it is not clear what libraries the third party binary or RPM uses, it is possible to use the ldd utility for the C binary, or run the "rpm -q --whatrequires SONAME" command for the whole RPM package. No problems are expected to occur if there are only .so files listed in the NoSonameBumpLibs file and unversioned shared libraries. |
Removed .so libs
Rule ID | xccdf_preupg_rule_system_SonameRemoval_SonameRemoval |
Result | needs_inspection |
Time | 2017-01-05T10:10:53 |
Severity | |
Identifiers and References | |
Description | Dynamic libraries are used provides symbols/functions to binaries. Some of the libraries were removed between RHEL 6 and RHEL 7. This content checks for the .so libraries removal between RHEL 6 and RHEL 7 in your Red Hat packages. |
SCE stdout
| |
Remediation description: Application developed in C may use dynamic libraries (.so files) to reuse the common functions/symbols in the binary. If the library is missing, application will not run. Some of the libraries were removed between RHEL 6 and RHEL 7. From your Red Hat Enterprise Linux 6 packages, following libraries disappeared: AES.so from python-crypto ANSI_X3.110.so from glibc ARC2.so from python-crypto ARC4.so from python-crypto ARMSCII-8.so from glibc ASMO_449.so from glibc B.so from perl BIG5.so from glibc BIG5HKSCS.so from glibc BRF.so from glibc Base64.so from perl Blowfish.so from python-crypto Byte.so from perl Bzip2.so from perl-Compress-Raw-Bzip2 CAST.so from python-crypto CN.so from perl CP10007.so from glibc CP1125.so from glibc CP1250.so from glibc CP1251.so from glibc CP1252.so from glibc CP1253.so from glibc CP1254.so from glibc CP1255.so from glibc CP1256.so from glibc CP1257.so from glibc CP1258.so from glibc CP737.so from glibc CP775.so from glibc CP932.so from glibc CSN_369103.so from glibc CWI.so from glibc Call.so from perl Cwd.so from perl DBI.so from perl-DBI DB_File.so from perl DEC-MCS.so from glibc DES.so from python-crypto DES3.so from python-crypto DProf.so from perl Dumper.so from perl EBCDIC-AT-DE-A.so from glibc EBCDIC-AT-DE.so from glibc EBCDIC-CA-FR.so from glibc EBCDIC-DK-NO-A.so from glibc EBCDIC-DK-NO.so from glibc EBCDIC-ES-A.so from glibc EBCDIC-ES-S.so from glibc EBCDIC-ES.so from glibc EBCDIC-FI-SE-A.so from glibc EBCDIC-FI-SE.so from glibc EBCDIC-FR.so from glibc EBCDIC-IS-FRISS.so from glibc EBCDIC-IT.so from glibc EBCDIC-PT.so from glibc EBCDIC-UK.so from glibc EBCDIC-US.so from glibc EBCDIC.so from perl ECMA-CYRILLIC.so from glibc EUC-CN.so from glibc EUC-JISX0213.so from glibc EUC-JP-MS.so from glibc EUC-JP.so from glibc EUC-KR.so from glibc EUC-TW.so from glibc Encode.so from perl Everything_module.so from ORBit2 Expat.so from perl-XML-Parser FastCalc.so from perl Fcntl.so from perl FieldHash.so from perl GB18030.so from glibc GBBIG5.so from glibc GBGBK.so from glibc GBK.so from glibc GDBM_File.so from perl GEORGIAN-ACADEMY.so from glibc GEORGIAN-PS.so from glibc GOST_19768-74.so from glibc GREEK-CCITT.so from glibc GREEK7-OLD.so from glibc GREEK7.so from glibc Glob.so from perl HP-GREEK8.so from glibc HP-ROMAN8.so from glibc HP-ROMAN9.so from glibc HP-THAI8.so from glibc HP-TURKISH8.so from glibc HiRes.so from perl-Time-HiRes Hostname.so from perl IBM037.so from glibc IBM038.so from glibc IBM1004.so from glibc IBM1008.so from glibc IBM1008_420.so from glibc IBM1025.so from glibc IBM1026.so from glibc IBM1046.so from glibc IBM1047.so from glibc IBM1097.so from glibc IBM1112.so from glibc IBM1122.so from glibc IBM1123.so from glibc IBM1124.so from glibc IBM1129.so from glibc IBM1130.so from glibc IBM1132.so from glibc IBM1133.so from glibc IBM1137.so from glibc IBM1140.so from glibc IBM1141.so from glibc IBM1142.so from glibc IBM1143.so from glibc IBM1144.so from glibc IBM1145.so from glibc IBM1146.so from glibc IBM1147.so from glibc IBM1148.so from glibc IBM1149.so from glibc IBM1153.so from glibc IBM1154.so from glibc IBM1155.so from glibc IBM1156.so from glibc IBM1157.so from glibc IBM1158.so from glibc IBM1160.so from glibc IBM1161.so from glibc IBM1162.so from glibc IBM1163.so from glibc IBM1164.so from glibc IBM1166.so from glibc IBM1167.so from glibc IBM12712.so from glibc IBM1364.so from glibc IBM1371.so from glibc IBM1388.so from glibc IBM1390.so from glibc IBM1399.so from glibc IBM16804.so from glibc IBM256.so from glibc IBM273.so from glibc IBM274.so from glibc IBM275.so from glibc IBM277.so from glibc IBM278.so from glibc IBM280.so from glibc IBM281.so from glibc IBM284.so from glibc IBM285.so from glibc IBM290.so from glibc IBM297.so from glibc IBM420.so from glibc IBM423.so from glibc IBM424.so from glibc IBM437.so from glibc IBM4517.so from glibc IBM4899.so from glibc IBM4909.so from glibc IBM4971.so from glibc IBM500.so from glibc IBM5347.so from glibc IBM803.so from glibc IBM850.so from glibc IBM851.so from glibc IBM852.so from glibc IBM855.so from glibc IBM856.so from glibc IBM857.so from glibc IBM860.so from glibc IBM861.so from glibc IBM862.so from glibc IBM863.so from glibc IBM864.so from glibc IBM865.so from glibc IBM866.so from glibc IBM866NAV.so from glibc IBM868.so from glibc IBM869.so from glibc IBM870.so from glibc IBM871.so from glibc IBM874.so from glibc IBM875.so from glibc IBM880.so from glibc IBM891.so from glibc IBM901.so from glibc IBM902.so from glibc IBM903.so from glibc IBM9030.so from glibc IBM904.so from glibc IBM905.so from glibc IBM9066.so from glibc IBM918.so from glibc IBM921.so from glibc IBM922.so from glibc IBM930.so from glibc IBM932.so from glibc IBM933.so from glibc IBM935.so from glibc IBM937.so from glibc IBM939.so from glibc IBM943.so from glibc IBM9448.so from glibc IEC_P27-1.so from glibc INIS-8.so from glibc INIS-CYRILLIC.so from glibc INIS.so from glibc IO.so from perl ISIRI-3342.so from glibc ISO-2022-CN-EXT.so from glibc ISO-2022-CN.so from glibc ISO-2022-JP-3.so from glibc ISO-2022-JP.so from glibc ISO-2022-KR.so from glibc ISO-IR-197.so from glibc ISO-IR-209.so from glibc ISO646.so from glibc ISO8859-1.so from glibc ISO8859-10.so from glibc ISO8859-11.so from glibc ISO8859-13.so from glibc ISO8859-14.so from glibc ISO8859-15.so from glibc ISO8859-16.so from glibc ISO8859-2.so from glibc ISO8859-3.so from glibc ISO8859-4.so from glibc ISO8859-5.so from glibc ISO8859-6.so from glibc ISO8859-7.so from glibc ISO8859-8.so from glibc ISO8859-9.so from glibc ISO8859-9E.so from glibc ISO_10367-BOX.so from glibc ISO_11548-1.so from glibc ISO_2033.so from glibc ISO_5427-EXT.so from glibc ISO_5427.so from glibc ISO_5428.so from glibc ISO_6937-2.so from glibc ISO_6937.so from glibc JOHAB.so from glibc JP.so from perl KOI-8.so from glibc KOI8-R.so from glibc KOI8-RU.so from glibc KOI8-T.so from glibc KOI8-U.so from glibc KR.so from perl LATIN-GREEK-1.so from glibc LATIN-GREEK.so from glibc Langinfo.so from perl MAC-CENTRALEUROPE.so from glibc MAC-IS.so from glibc MAC-SAMI.so from glibc MAC-UK.so from glibc MACINTOSH.so from glibc MD2.so from python-crypto MD4.so from python-crypto MD5.so from perl MIK.so from glibc NATS-DANO.so from glibc NATS-SEFI.so from glibc NDBM_File.so from perl Normalize.so from perl Opcode.so from perl POSIX.so from perl PPPort.so from perl PT154.so from glibc Peek.so from perl Piece.so from perl-Time-Piece RIPEMD.so from python-crypto RK1048.so from glibc SAMI-WS2.so from glibc SDBM_File.so from perl SHA.so from perl-Digest-SHA SHA256.so from python-crypto SHIFT_JISX0213.so from glibc SJIS.so from glibc SSL.so from pyOpenSSL SSLeay.so from perl-Crypt-SSLeay Socket.so from perl Soundex.so from perl Storable.so from perl Symbol.so from perl SysV.so from perl Syslog.so from perl T.61.so from glibc TCVN5712-1.so from glibc TIS-620.so from glibc TSCII.so from glibc TW.so from perl UHC.so from glibc UNICODE.so from glibc UTF-16.so from glibc UTF-32.so from glibc UTF-7.so from glibc Unicode.so from perl Util.so from perl VISCII.so from glibc X11.so from ghostscript XOR.so from python-crypto Zlib.so from perl-Compress-Raw-Zlib __m2crypto.so from m2crypto _backend_agg.so from python-matplotlib _backend_gdk.so from python-matplotlib _bisectmodule.so from python-libs _bsddb.so from python-libs _bytesio.so from python-libs _cairo.so from pycairo _capi.so from numpy _certificate.so from python-rhsm _cntr.so from python-matplotlib _codecs_cn.so from python-libs _codecs_hk.so from python-libs _codecs_iso2022.so from python-libs _codecs_jp.so from python-libs _codecs_kr.so from python-libs _codecs_tw.so from python-libs _collectionsmodule.so from python-libs _compiled_base.so from numpy _cryptmodule.so from python-libs _csv.so from python-libs _ctypes.so from python-libs _curses.so from python-libs _curses_panel.so from python-libs _dbus_bindings.so from dbus-python _dbus_glib_bindings.so from dbus-python _delaunay.so from python-matplotlib _dotblas.so from numpy _elementtree.so from python-libs _fastmath.so from python-crypto _fileio.so from python-libs _functoolsmodule.so from python-libs _gio.so from pygobject2 _glib.so from pygobject2 _gobject.so from pygobject2 _gpgme.so from pygpgme _gtkagg.so from python-matplotlib _hashlib.so from python-libs _heapq.so from python-libs _hotshot.so from python-libs _image.so from python-matplotlib _json.so from python-libs _ldap.so from python-ldap _localemodule.so from python-libs _lsprof.so from python-libs _multibytecodecmodule.so from python-libs _multiprocessing.so from python-libs _path.so from python-matplotlib _png.so from python-matplotlib _pyabrt.so from abrt-python _pyreport.so from libreport-python _randommodule.so from python-libs _reportclient.so from libreport-python _rpmbmodule.so from rpm-python _rpmmodule.so from rpm-python _snackmodule.so from newt-python _socketmodule.so from python-libs _sort.so from numpy _sqlite3.so from python-libs _sqlitecache.so from yum-metadata-parser _ssl.so from python-libs _struct.so from python-libs _weakref.so from python-libs acutilmodule.so from authconfig ad.so from samba-winbind adex.so from samba-winbind arraymodule.so from python-libs asq.so from libldb attrs.so from perl audioop.so from python-libs autorid.so from samba-winbind binascii.so from python-libs bz2.so from python-libs cPickle.so from python-libs cStringIO.so from python-libs cmathmodule.so from python-libs config_direct.so from libproxy config_envvar.so from libproxy config_file.so from libproxy config_wpad.so from libproxy crypto.so from pyOpenSSL datetime.so from python-libs dbm.so from python-libs default_encoding_utf8.so from ipa-python details.so from plymouth dlmodule.so from python-libs dmidecodemod.so from python-dmidecode drm.so from plymouth encoding.so from perl ethtool.so from python-ethtool etree.so from python-lxml fcntlmodule.so from python-libs fftpack_lite.so from numpy frame-buffer.so from plymouth ft2font.so from python-matplotlib future_builtins.so from python-libs gcore.so from crash-gcore-command gdbmmodule.so from python-libs grpmodule.so from python-libs gudev.so from python-gudev hash.so from samba-winbind ignore_domain.so from libproxy ignore_ip.so from libproxy imageop.so from python-libs imfile.so from rsyslog imklog.so from rsyslog immark.so from rsyslog impstats.so from rsyslog imptcp.so from rsyslog imtcp.so from rsyslog imudp.so from rsyslog imuxsock.so from rsyslog itertoolsmodule.so from python-libs iwlib.so from python-iwlib kerberos.so from python-kerberos krbVmodule.so from python-krbV lapack_lite.so from numpy libLLVM-3.6-mesa.so from mesa-private-llvm libQtAssistantClient.so.4 from qt-x11 libabrt_web.so.0 from libreport libatlas.so.3 from atlas libbfd-2.20.51.0.2-5.44.el6.so from binutils libbtparser.so.2 from btparser libcapi.so from openssl libcblas.so.3 from atlas libccan-samba4.so from samba4-libs libck-connector.so.0 from ConsoleKit-libs libclapack.so.3 from atlas libcupsdriver.so.1 from cups-libs libdcerpc-atsvc.so.0 from samba4-libs libdfs-server-ad-samba4.so from samba4-libs libdnsserver-common-samba4.so from samba4-libs libdrm_nouveau2.so.2 from libdrm libebl_aarch64-0.164.so from elfutils-libs libebl_alpha-0.164.so from elfutils-libs libebl_arm-0.164.so from elfutils-libs libebl_i386-0.164.so from elfutils-libs libebl_ia64-0.164.so from elfutils-libs libebl_ppc-0.164.so from elfutils-libs libebl_ppc64-0.164.so from elfutils-libs libebl_s390-0.164.so from elfutils-libs libebl_sh-0.164.so from elfutils-libs libebl_sparc-0.164.so from elfutils-libs libebl_tilegx-0.164.so from elfutils-libs libebl_x86_64-0.164.so from elfutils-libs libeggdbus-1.so.0 from eggdbus liberrors-samba4.so from samba4-libs libevent-1.4.so.2 from libevent libevent_core-1.4.so.2 from libevent libevent_extra-1.4.so.2 from libevent libf77blas.so.3 from atlas libfakeroot-0.so from fakeroot-libs libgconfbackend-evoldap.so from GConf2 libgensec.so.0 from samba4-libs libgettextlib-0.17.so from gettext libgettextsrc-0.17.so from gettext libgnutls-extra.so.26 from gnutls libgpgme-pth.so.11 from gpgme libgssglue.so.1 from libgssglue libgstvideo4linux.so from gstreamer-plugins-base libhal-storage.so.1 from hal-libs libhal.so.1 from hal-libs libhunspell-1.2.so.0 from hunspell libip6t_SET.so from iptables-ipv6 libip6t_set.so from iptables-ipv6 libipt_SET.so from iptables libipt_addrtype.so from iptables libipt_ecn.so from iptables libipt_set.so from iptables libiw.so.29 from wireless-tools libldif-2.4.so.2 from openldap libmp.so.3 from gmp libmysqlclient_r.so.16 from mysql-libs libnih-dbus.so.1 from libnih libnih.so.1 from libnih libntdb.so.1 from samba4-libs libnullbackend.so from polkit libopcodes-2.20.51.0.2-5.44.el6.so from binutils libpadlock.so from openssl libpangox-1.0.so.0 from pango libparted-2.1.so.0 from parted libphonon_gstreamer.so from phonon-backend-gstreamer libpkexec-action-lookup.so from polkit libpolkit-backend-1.so.0 from polkit libproc-3.2.8.so from procps libptcblas.so.3 from atlas libptf77blas.so.3 from atlas libpulsecommon-0.9.21.so from pulseaudio-libs libpython2.6.so.1.0 from python-libs libregistry.so.0 from samba4-libs librpcsecgss.so.3 from nfs-utils-lib libsmbclient-raw.so.0 from samba4-libs libstdbuf.so from coreutils-libs libtdb-compat-samba4.so from samba4-libs libtopology.so.0 from libtopology libusbpp-0.1.so.4 from libusb libutil-ntdb-samba4.so from samba4-libs libverto-k5ev.so.0 from krb5-libs linuxaudiodev.so from python-libs lmnet.so from rsyslog lmnetstrms.so from rsyslog lmnsd_ptcp.so from rsyslog lmregexp.so from rsyslog lmstrmsrv.so from rsyslog lmtcpclt.so from rsyslog lmtcpsrv.so from rsyslog lmzlibw.so from rsyslog lookup_file.so from autofs lookup_hesiod.so from autofs lookup_hosts.so from autofs lookup_ldap.so from autofs lookup_multi.so from autofs lookup_nisplus.so from autofs lookup_program.so from autofs lookup_sss.so from autofs lookup_userhome.so from autofs lookup_yp.so from autofs m_xt.so from iproute magic.so from python-magic mathmodule.so from python-libs memberof.so from sssd-common mga_dri.so from mesa-dri1-drivers mmapmodule.so from python-libs mount_afs.so from autofs mount_autofs.so from autofs mount_bind.so from autofs mount_changer.so from autofs mount_ext2.so from autofs mount_generic.so from autofs mount_nfs.so from autofs mro.so from perl mtrand.so from numpy multiarray.so from numpy multiarray_tests.so from numpy network_networkmanager.so from libproxy nismodule.so from python-libs nsswitch.so from nfs-utils-lib nxutils.so from python-matplotlib objectify.so from python-lxml ommail.so from rsyslog omprog.so from rsyslog omruleset.so from rsyslog omtesting.so from rsyslog omuxsock.so from rsyslog operator.so from python-libs ossaudiodev.so from python-libs p11-kit-trust.so from p11-kit-trust paged_results.so from libldb paged_searches.so from libldb pam_access.so from pam pam_cap.so from libcap pam_chroot.so from pam pam_ck_connector.so from ConsoleKit-libs pam_console.so from pam pam_cracklib.so from pam pam_debug.so from pam pam_deny.so from pam pam_echo.so from pam pam_env.so from pam pam_exec.so from pam pam_faildelay.so from pam pam_faillock.so from pam pam_filter.so from pam pam_fprintd.so from fprintd-pam pam_ftp.so from pam pam_group.so from pam pam_issue.so from pam pam_keyinit.so from pam pam_krb5.so from pam_krb5 pam_lastlog.so from pam pam_limits.so from pam pam_listfile.so from pam pam_localuser.so from pam pam_loginuid.so from pam pam_mail.so from pam pam_mkhomedir.so from pam pam_motd.so from pam pam_namespace.so from pam pam_nologin.so from pam pam_oddjob_mkhomedir.so from oddjob-mkhomedir pam_passwdqc.so from pam_passwdqc pam_permit.so from pam pam_postgresok.so from pam pam_pwhistory.so from pam pam_rhosts.so from pam pam_rootok.so from pam pam_securetty.so from pam pam_selinux.so from pam pam_sepermit.so from pam pam_shells.so from pam pam_smbpass.so from samba-common pam_sss.so from sssd-client pam_stress.so from pam pam_succeed_if.so from pam pam_tally2.so from pam pam_time.so from pam pam_timestamp.so from pam pam_tty_audit.so from pam pam_umask.so from pam pam_unix.so from pam pam_userdb.so from pam pam_warn.so from pam pam_wheel.so from pam pam_winbind.so from samba-winbind-clients pam_xauth.so from pam pango-arabic-fc.so from pango pango-arabic-lang.so from pango pango-basic-x.so from pango pango-hangul-fc.so from pango pango-hebrew-fc.so from pango pango-indic-fc.so from pango pango-indic-lang.so from pango pango-khmer-fc.so from pango pango-syriac-fc.so from pango pango-thai-fc.so from pango pango-thai-lang.so from pango pango-tibetan-fc.so from pango parse_amd.so from autofs parse_hesiod.so from autofs parse_sun.so from autofs parsermodule.so from python-libs plugin_blk.so from trace-cmd plugin_cfg80211.so from trace-cmd plugin_function.so from trace-cmd plugin_hrtimer.so from trace-cmd plugin_jbd2.so from trace-cmd plugin_kmem.so from trace-cmd plugin_kvm.so from trace-cmd plugin_mac80211.so from trace-cmd plugin_sched_switch.so from trace-cmd plugin_scsi.so from trace-cmd plugin_xen.so from trace-cmd pmlastmsg.so from rsyslog pycurl.so from python-pycurl pyexpat.so from python-libs r128_dri.so from mesa-dri1-drivers rand.so from pyOpenSSL rdn_name.so from libldb re.so from perl readline.so from python-libs resource.so from python-libs rid.so from samba-winbind sample.so from libldb savage_dri.so from mesa-dri1-drivers scalar.so from perl scalarmath.so from numpy selectmodule.so from python-libs server_sort.so from libldb shared.so from perl skel.so from libldb smixer-ac97.so from alsa-lib smixer-hda.so from alsa-lib smixer-sbase.so from alsa-lib spwdmodule.so from python-libs sss.so from sssd-common sssd_krb5_localauth_plugin.so from sssd-client sssd_krb5_locator_plugin.so from sssd-client sssd_pac_plugin.so from sssd-client staplog.so from systemtap-runtime static.so from nfs-utils-lib stropmodule.so from python-libs syslog.so from python-libs talloc.so from pytalloc tdb.so from libldb tdb2.so from samba-winbind termios.so from python-libs text.so from plymouth threads.so from perl timemodule.so from python-libs timingmodule.so from python-libs trace.so from crash-trace-command ttconv.so from python-matplotlib umath.so from numpy umath_tests.so from numpy umich_ldap.so from nfs-utils-lib unichrome_dri.so from mesa-dri1-drivers unicodedata.so from python-libs unix.so from pygobject2 vgpreload_core-amd64-linux.so from valgrind vgpreload_core-x86-linux.so from valgrind vgpreload_drd-amd64-linux.so from valgrind vgpreload_drd-x86-linux.so from valgrind vgpreload_exp-dhat-amd64-linux.so from valgrind vgpreload_exp-dhat-x86-linux.so from valgrind vgpreload_exp-sgcheck-amd64-linux.so from valgrind vgpreload_exp-sgcheck-x86-linux.so from valgrind vgpreload_helgrind-amd64-linux.so from valgrind vgpreload_helgrind-x86-linux.so from valgrind vgpreload_massif-amd64-linux.so from valgrind vgpreload_massif-x86-linux.so from valgrind vgpreload_memcheck-amd64-linux.so from valgrind vgpreload_memcheck-x86-linux.so from valgrind via.so from perl wpad_dns.so from libproxy wpad_dnsdevolution.so from libproxy xxsubtype.so from python-libs zlibmodule.so from python-libs We checked the requirements in Non-RH signed packages, but for the non rpm-packaged binaries, you should check the compatibility list yourself by using e.g. ldd <binary> command. If some of your application uses the library on the list above, you may need to get the .so library from different place or search for an alternative. |
CGROUP_DAEMON in sysconfig scripts
Rule ID | xccdf_preupg_rule_system_SysconfigCgroupDaemon_check |
Result | pass |
Time | 2017-01-05T10:10:53 |
Severity | |
Identifiers and References | |
Description | 'Check script searches /etc/sysconfig/* for CGROUP_DAEMON variable' |
Checking the system version and variant
Rule ID | xccdf_preupg_rule_system_SystemVersion_check |
Result | pass |
Time | 2017-01-05T10:10:53 |
Severity | |
Identifiers and References | |
Description | The module checks if the system is the last released version and a supported variant for the upgrade to be successful |
Checking for the AIDE tool
Rule ID | xccdf_preupg_rule_system_aide_aide |
Result | notapplicable |
Time | 2017-01-05T10:10:53 |
Severity | |
Identifiers and References | |
Description | The AIDE tool is used for "guarding" the system integrity. The module detects if AIDE is installed and being used. |
SCE stdout
|
CA certificate bundles modified
Rule ID | xccdf_preupg_rule_system_ca-certificates_checkbundles |
Result | pass |
Time | 2017-01-05T10:10:53 |
Severity | |
Identifiers and References | |
Description | Later versions of RHEL include a shared store for certificate authorities. Additional trusted certificate authorities must be placed in the new location rather that modifying the distributed certificate authority bundles. The Preupgrade assistant cannot automatically identify how certificate bundles have been modified on this system. |
Developer Tool Set packages
Rule ID | xccdf_preupg_rule_system_dts_dts |
Result | pass |
Time | 2017-01-05T10:10:53 |
Severity | |
Identifiers and References | |
Description | Content checks whether Red Hat Developer Tool Set packages are installed. |
GRUB to GRUB2 migration
Rule ID | xccdf_preupg_rule_system_grub_grub |
Result | needs_inspection |
Time | 2017-01-05T10:10:53 |
Severity | |
Identifiers and References | |
Description | The module informs user about need to migrate GRUB to GRUB2 manually. Also backs up splash.xpm.gz if necessary. |
SCE stdout
| |
Remediation description: GRUB is used as a loader of the Linux system. However, Red Hat Enterprise Linux 7 does not ship GRUB anymore. Instead, it ships GRUB2 only. Because the configuration system has been completely overhauled, it is not possible to migrate the GRUB setup to GRUB2 automatically. During the upgrade process, GRUB will be preserved in the Master Boot Record and a temporary GRUB configuration will be deployed to allow you to boot into the upgraded system. Because it is not possible to support the temporary configuration, you need to rewrite it and install GRUB2 to the Master Boot Record manually after the upgrade. For details on GRUB2, see the System Administrator's Guide: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-Working_with_the_GRUB_2_Boot_Loader.html File /boot/grub/splash.xpm.gz will be preserved as well in order to work around behavior of legacy GRUB. You may safely delete this file once your GRUB2 setup is working. |
Workaround for crashing grubby.
Rule ID | xccdf_preupg_rule_system_grubby_check |
Result | fixed |
Time | 2017-01-05T10:10:53 |
Severity | |
Identifiers and References | |
Description | Workaround for crashing grubby. Fill initrd in /boot/grub/grub.conf by a postupgrade script. |
Remediation description: This content works around crashing grubby. It modifies /boot/grub/grub.conf by adding initrd. |
Obsoleted HAL (Hardware Abstraction Layer)
Rule ID | xccdf_preupg_rule_system_hal_check_script |
Result | pass |
Time | 2017-01-05T10:10:57 |
Severity | |
Identifiers and References | |
Description | Check for packages dependent on hal. |
Hyper-V
Rule ID | xccdf_preupg_rule_system_hyperv_check |
Result | pass |
Time | 2017-01-05T10:10:57 |
Severity | |
Identifiers and References | |
Description | Check if this system runs on Hyper-V. |
Content for enabling and disabling services based on RHEL 6 system
Rule ID | xccdf_preupg_rule_system_initscripts_control_check |
Result | needs_action |
Time | 2017-01-05T10:11:02 |
Severity | |
Identifiers and References | |
Description | The content checks what services are enabled or disabled on assessment system and if the services will be enabled or disabled on RHEL 7 system. |
SCE stdout
| |
Remediation description: The content detects some services which are disabled by default on Red Hat Enterprise Linux 7 system. |
Check for ethernet interface naming
Rule ID | xccdf_preupg_rule_system_initscripts_ifcfg_check_script |
Result | needs_inspection |
Time | 2017-01-05T10:11:02 |
Severity | |
Identifiers and References | |
Description | The content checks if network interface names set through /etc/sysconfig/network-scripts/ifcfg-* files are compatible with device naming in Red Hat Enterprise Linux 7. |
SCE stdout
| |
Remediation description: Red Hat Enterprise Linux 7 still offers possibility to specifying names for network interface by setting DEVICE and HWADDR options in /etc/sysconfig/network-scripts/ifcfg-* configuration files. Unfortunally udev does not support swapping interface names anymore. In the case that you set ethX names to multiple network card and kernel discovers them in different order, udev rule 60-net.rules will most likely fail. It is highly recommended to rename such interfaces or remove DEVICE line from ifcfg configuration files. Red Hat Enterprise Linux 7 also introduces predictable network interface device names: http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/ |
User modification in /etc/rc.local and /etc/rc.d/rc.local
Rule ID | xccdf_preupg_rule_system_initscripts_rc-local_rclocal |
Result | pass |
Time | 2017-01-05T10:11:02 |
Severity | |
Identifiers and References | |
Description | The content checks whether user modifies files /etc/rc.local and /etc/rc.d/rc.local |
Kernel-kdump package on s390x architecture
Rule ID | xccdf_preupg_rule_system_kernel-kdump_check |
Result | notapplicable |
Time | 2017-01-05T10:11:02 |
Severity | |
Identifiers and References | |
Description | Check for invalid /etc/zipl.conf records on s390x architecture |
cgroups configuration compatibility check
Rule ID | xccdf_preupg_rule_system_libcgroup_cgroups |
Result | needs_action |
Time | 2017-01-05T10:11:02 |
Severity | |
Identifiers and References | |
Description | Checks libcgroup configuration files File(s) affected:
|
SCE stdout
| |
Remediation description: In previous versions of Red Hat Enterprise Linux, system administrators built custom cgroup hierarchies with use of the cgconfig command from the libcgroup package. This package is now deprecated. There is only special situation, in which libgroups should be used. Red Hat Enterprise Linux 7 moves the resource management settings from the process level to the application level by binding the cgroup hierarchy with the systemd unit hierarchy. Therefore, you can manage the cgroup tree with systemctl commands. For more details see Red Hat Enterprise Linux 7 Resource Management Guide, Chapter 2 (Using Control Groups): https://documentation-devel.engineering.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Resource_Management_Guide/ch-Using_Control_Groups.html Chapter 3 (Using libcgroup Tools) https://documentation-devel.engineering.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Resource_Management_Guide/ch-Using_libcgroup_Tools.html |
Plugable authentication modules (PAM)
Rule ID | xccdf_preupg_rule_system_pam_pam |
Result | pass |
Time | 2017-01-05T10:11:02 |
Severity | |
Identifiers and References | |
Description | Content checks for no-longer supported pluggable authentication modules |
Foreign Perl modules
Rule ID | xccdf_preupg_rule_system_perl_check |
Result | informational |
Time | 2017-01-05T10:12:15 |
Severity | |
Identifiers and References | |
Description | Find Perl modules which need to be checked for proper functionality with newer Perl version on the Red Hat Enterprise Linux 7 system because they are not distributed by Red Hat |
Remediation description: Perl was updated from version 5.10 to version 5.16. Please read Perl section in the Red Hat Enterprise Linux 7 Developer Guide for more details. Following Perl module files located in system Perl paths are either not handled by any package or not signed by Red Hat: |
PHP modules
Rule ID | xccdf_preupg_rule_system_php_check |
Result | notapplicable |
Time | 2017-01-05T10:12:15 |
Severity | |
Identifiers and References | |
Description | Find PHP modules which need to be checked for proper functionality with newer PHP version on the Red Hat Enterprise Linux 7 system because they are not distributed by Red Hat |
SCE stdout
|
PolicyKit (alias polkit) config files
Rule ID | xccdf_preupg_rule_system_polkit_check |
Result | informational |
Time | 2017-01-05T10:12:16 |
Severity | |
Identifiers and References | |
Description | PolicyKit has important changes of config files. Check modyfied and owns config files. |
Remediation description: PolicyKit (alias polkit) doesn't use *.conf *.pkla file. Everything is inside *.rules files instead, which contains rules written in javascript (See more in Red Hat Enterprise Linux 7 Desktop Migration and Administration Guide, chapter 4). |
Information about the changes in Python packages
Rule ID | xccdf_preupg_rule_system_python_check |
Result | needs_inspection |
Time | 2017-01-05T10:12:20 |
Severity | |
Identifiers and References | |
Description | The module provides you with a list of packages that need to be rebuilt for version 2.7.5 of the Python programming language that is shipped with Red Hat Enterprise Linux 7. |
SCE stdout
| |
Remediation description: Red Hat Enterprise Linux 7 contains Python version 2.7.5. For more information about the differences from older versions and for further details, see https://access.redhat.com/site/articles/676453. The files and directories listed above are not owned by any RPM packages or are owned by an RPM package that is not signed by Red Hat. These packages need to be rebuilt and reinstalled in order to work with Python 2.7.5. |
Save repositories for kickstart
Rule ID | xccdf_preupg_rule_system_repositories_check |
Result | needs_inspection |
Time | 2017-01-05T10:12:20 |
Severity | |
Identifiers and References | |
Description | Content checks enabled repositories. Name and baseurl are stored to file available-repos in kickstart directory. |
SCE stdout
| |
Remediation description: The content stores enabled repositories for kickstart issues in file ./kickstart/available-repos During kickstart generation these repositories are added to kickstart script. |
Check system requirements
Rule ID | xccdf_preupg_rule_system_requirements_check |
Result | pass |
Time | 2017-01-05T10:12:20 |
Severity | |
Identifiers and References | |
Description | Check if system comply minimum requirements |
Ruby 2.0.0
Rule ID | xccdf_preupg_rule_system_ruby_check |
Result | notapplicable |
Time | 2017-01-05T10:12:20 |
Severity | |
Identifiers and References | |
Description | This module provides you with a list of packages that need to be rebuilt for version 2.0.0 of the Ruby programming language, which is shipped with Red Hat Enterprise Linux 7. |
SCE stdout
|
SCL collections
Rule ID | xccdf_preupg_rule_system_scl-collection_scl |
Result | pass |
Time | 2017-01-05T10:12:20 |
Severity | |
Identifiers and References | |
Description | Content checks whether RHSCL are installed |
Red Hat Network Classic Unsupported
Rule ID | xccdf_preupg_rule_system_subscription_subscription |
Result | notapplicable |
Time | 2017-01-05T10:12:20 |
Severity | |
Identifiers and References | |
Description | This module determines if this system is registered with the Red Hat Network Classic. |
Red Hat Subscription Manager
Rule ID | xccdf_preupg_rule_system_subscription-manager_check |
Result | pass |
Time | 2017-01-05T10:12:20 |
Severity | |
Identifiers and References | |
Description | This module adds new option to the configuration file, if it is not there already. |
System kickstart
Rule ID | xccdf_preupg_rule_system_system-kickstart_ks |
Result | pass |
Time | 2017-01-05T10:12:21 |
Severity | |
Identifiers and References | |
Description | Copy system kickstart from /root/ to directory with results |
Tuned profiles
Rule ID | xccdf_preupg_rule_system_tuned_check |
Result | notapplicable |
Time | 2017-01-05T10:12:21 |
Severity | |
Identifiers and References | |
Description | Content checks tuned custom profiles on the system and store them to postupgrade directory. |
UEFI bootloader
Rule ID | xccdf_preupg_rule_system_uefi_check |
Result | informational |
Time | 2017-01-05T10:12:21 |
Severity | |
Identifiers and References | |
Description | It is necessary to migrate UEFI systems to grub2-efi |
Remediation description: This system does not use EFI. Preupgrade Assistant will not replace your current bootloader automatically, it is too dangerous. If you wish to use GRUB2, do it manually after the upgrade using grub2-install and grub2-mkconfig. |
YABOOT bootloader
Rule ID | xccdf_preupg_rule_system_yaboot_check |
Result | notapplicable |
Time | 2017-01-05T10:12:21 |
Severity | |
Identifiers and References | |
Description | It is necessary to migrate YABOOT to grub2 |
YUM
Rule ID | xccdf_preupg_rule_system_yum_yum |
Result | informational |
Time | 2017-01-05T10:12:23 |
Severity | |
Identifiers and References | |
Description | Content checks YUM configuration file |
Remediation description: In RHEL 7 functionality of yum-plugin-security is a part of yum core. After the upgrade it will be impossible to undo/redo/rollback to pre-upgrade yum transactions. Please run 'yum history new' after the upgrade to start a new history file. The way yum groups work has changed in RHEL 7. By default yum treats groups as objects now. Please refer to the documentation for more information. |
Check for usage of dangerous ranges of UID and GIDs
Rule ID | xccdf_preupg_rule_usrmgmt_DangerousRanges_dangerousranges |
Result | pass |
Time | 2017-01-05T10:12:23 |
Severity | |
Identifiers and References | |
Description | This module checks for IDs in the 0-199 range used without reservations. This module also checks for IDs which need to be moved from the 501-999 range prior to migration. |
Incorrect usage of reserved UID/GIDs
Rule ID | xccdf_preupg_rule_usrmgmt_ReservedIDs_reservedids |
Result | needs_inspection |
Time | 2017-01-05T10:12:26 |
Severity | |
Identifiers and References | |
Description | Reserved user and group IDs by setup package changed between the RHEL 6 and RHEL 7. This may in some cases cause the unfunctionality of your system after the migration. This check should mitigate the risks. |
SCE stdout
| |
Remediation description: The packages may create system accounts with static IDs based on the reservation in the /usr/share/doc/setup-*/uidgid file. If you have any violations against the uidgid file reservation, the applications might not work properly or they might cause some unexpected behaviour. As the reservations between different releases of Red Hat Enterprise Linux might differ, please check carefully findings below. Especially cases when an ID reserved by an application is used by different account are really important. Using different account then reserved might cause interoperability issues. Invalid GID used for games account - now 100, should be 20. This may cause troubles when exact static user id is expected by some application. Id 6 reserved for amandabackup is used by disk Account amandabackup should be created by the package(s) amanda. If you plan to use them on system, it may cause troubles as the account amandabackup might not be created properly. These issues usually don't cause critical failures, but in rare cases can contribute to some hard to analyze failures in the case that the system id values are hard-coded in the application. |
Check libuser.conf
Rule ID | xccdf_preupg_rule_usrmgmt_libuser_check |
Result | pass |
Time | 2017-01-05T10:12:26 |
Severity | |
Identifiers and References | |
Description | Check for rejected configuration in /etc/libuser.conf about combination ldap module with others, due to ambiguity in password handling. |
NIS ypbind config files back-up
Rule ID | xccdf_preupg_rule_usrmgmt_ypbind_backup_config |
Result | notapplicable |
Time | 2017-01-05T10:12:26 |
Severity | |
Identifiers and References | |
Description | Saving NIS ypbind config files. File(s) affected:
|
SCE stdout
|
NIS Makefile back-up
Rule ID | xccdf_preupg_rule_usrmgmt_ypserv_makefile_config_backup_config |
Result | notapplicable |
Time | 2017-01-05T10:12:26 |
Severity | |
Identifiers and References | |
Description | Content for saving NIS Makefile for generationg maps. File(s) affected:
|
SCE stdout
|
NIS server maps check
Rule ID | xccdf_preupg_rule_usrmgmt_ypserv_maps_dbm_maps_check |
Result | notapplicable |
Time | 2017-01-05T10:12:26 |
Severity | |
Identifiers and References | |
Description | This content only warns user that maps need to be re-generated because a different back-end format is used in RHEL 7 for caching maps. |
SCE stdout
|
NIS server MAXUID and MAXGID limits check
Rule ID | xccdf_preupg_rule_usrmgmt_ypserv_max_uid_gid_max_uid_gid_check |
Result | notapplicable |
Time | 2017-01-05T10:12:26 |
Severity | |
Identifiers and References | |
Description | Check if some users managed by NIS ypserv use UID/GID between 500 and 1000, which might cause issues after upgrade |
SCE stdout
|
NIS server config file back-up
Rule ID | xccdf_preupg_rule_usrmgmt_ypserv_service_configs_backup_config |
Result | notapplicable |
Time | 2017-01-05T10:12:26 |
Severity | |
Identifiers and References | |
Description | Content for saving NIS ypserv and yppasswdd config files. File(s) affected:
|
SCE stdout
|