Introduction
Scanner
- preupgrade-assistant-1.0.2-33.0.2.el6.centos
- preupgrade-assistant-contents-0.5.13-1.0.3.el6.centos
Target info
Targets
|
Addresses
|
Platforms
|
Results overview
Rule Results Summary
| pass | fixed | fail | needs inspection | needs action | error | not selected | not checked | not applicable | informational | unknown | total |
| 21 | 6 | 0 | 7 | 4 | 0 | 3 | 0 | 40 | 19 | 0 | 100 |
Rule results summary
Results details
Result for Configuration Files to Review
Result: needs_inspection
Rule ID: xccdf_preupg_rule_backup_NoverifyConfigs_noverifycfg
Time: 2020-07-15 17:06
This module stores some system configuration files that can have been modified by the user when it is not possible to automatically upgrade them.
Remediation instructions
Some packages do not track the possible performed changes to system configuration files; therefore, it cannot be easily determined if the files have been modified by the user or not. In order to allow for later examination, all configuration files not handled by the migration scripts are stored in the dirtyconf/ directory. The list of the stored files is available in the ./kickstart/noverifycfg file. The user is advised to verify the functionality of configuration files stored by this tool after a successful upgrade.
INPLACERISK: SLIGHT: We detected some files where modifications are not tracked in the rpms. You may need to check their functionality after successful upgrade.
Result for File Lists for Manual Migration
Result: needs_inspection
Rule ID: xccdf_preupg_rule_backup_UntrackedFiles_untracked
Time: 2020-07-15 17:06
This module generates lists of files, such as temporary, application, and user data files, which are not automatically migrated.
Remediation instructions
Some user data, such as user home directories and temporary files, are not tracked by the RPM database. This data will not be automatically migrated. To assist you with migrating the data, this module has generated the following three files.* The ./kickstart/untrackedsystem file lists the regular files on the system that will not be migrated. The list does not contain files mounted over the network, files created by runtime system operations, files in temporary locations, and user files in the /home/ or /root/ directory.
* The ./kickstart/untrackeduser file lists the regular local files in the /home/ and /root/ directories that will not be migrated. If the /home/ and /root/ directories are on a file system mounted over the network, this file can be empty.
* The ./kickstart/untrackedexpected file lists the regular files and symlinks created by runtime system operations (for example handling runlevels, alternatives and active SELinux modules). Most likely you don't need to care about them, list is available just for completeness.
* The ./kickstart/untrackedtemporary file lists all temporary local files on the system that will not be migrated. This is essentially everything in the /cgroup/, /tmp/, and /var/ directories. Most likely you don't need to care about them, list is available just for completeness.
It is recommended that you backup all data before proceeding with the upgrade to Red Hat Enterprise Linux 7. This data can be quite large.
If you are performing an in-place upgrade, this data should remain in its current location after the upgrade. Configuration files and other data should be reviewed to determine if any modifications are needed for use with Red Hat Enterprise Linux 7. You should verify that all data was successfully maintained.
If you are performing a migration upgrade, this data must be backed up to another storage medium. You will need to copy the data you wish to have on the new installation back into place after the upgrade is complete. Configuration files and other data should be reviewed to determine if any modifications are needed for use with Red Hat Enterprise Linux 7.
INPLACERISK: SLIGHT: We detected some files untracked by rpms. Some of these may need manual check/migration after redhat-upgrade-tool and/or can cause conflicts or troubles during the installation. Try to reduce unnecessary untracked files before running redhat-upgrade-tool.
Result for several kernel networking drivers not available in Red Hat Enterprise Linux 7
Result: pass
Rule ID: xccdf_preupg_rule_drivers_ObsoletedNetworkDrivers_obsoletedNetworkDrivers
Time: 2020-07-15 17:06
Several kernel networking drivers were removed from Red Hat Enterprise Linux 7.
Result for several kernel storage drivers not available in Red Hat Enterprise Linux 7
Result: pass
Rule ID: xccdf_preupg_rule_drivers_ObsoletedStorageDrivers_obsoletedStorageDrivers
Time: 2020-07-15 17:06
Several kernel storage drivers were deprecated or removed in Red Hat Enterprise Linux 7.
Result for Compatibility Between iptables and ip6tables
Result: informational
Rule ID: xccdf_preupg_rule_networking_iptables_check_script
Time: 2020-07-15 17:06
The firewalld service is now the default firewall service.
File(s) affected:
/etc/sysconfig/iptables
/etc/sysconfig/ip6tables
Remediation instructions
If you are migrating from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7, verify whether you have the iptables-services packages installed after performing the upgrade by running the "rpm -q iptables-services" command as root. Also, verify that iptables and ip6tables services are enabled by running the "systemctl is-enabled iptables" and "systemctl is-enabled ip6tables" commands as root.For more details about migrating the firewall service from Red Hat Enterprise Linux 6, see the section about the firewalld service in the Red Hat Enterprise Linux 7 Migration Planning guide at https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Migration_Planning_Guide/.
If you perform a clean installation of Red Hat Enterprise Linux 7, the firewalld service will be installed on your system instead of iptables and ip6tables.
For further details about the firewalld service, see the section about firewalls in Red Hat Enterprise Linux 7 Security Guide. You can access the guide at https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/.
INFO iptables: Creating /root/preupgrade/postupgrade.d/reenable-iptables
WARNING iptables: Please read Remediation instructions.
Result for Net-SNMP check
Result: informational
Rule ID: xccdf_preupg_rule_networking_net-snmp_check_script
Time: 2020-07-15 17:06
Check if Net-SNMP daemon (snmpd) is enabled.
Remediation instructions
Net-SNMP in Red Hat Enterprise Linux 7 has been updated to version 5.7.2. Itincludes many fixes and new features.
In most configurations, no changes to configuration files should be necessary,
check following Knowledge Base article for known incompatibilities:
https://access.redhat.com/site/articles/696163
All applications consuming SNMP data from this system should be carefully
retested with the updated Net-SNMP package.
INPLACERISK: SLIGHT: Net-SNMP daemon is enabled. Please check Knowledge Base article for known incompatibilities.
Result for Reusable Configuration Files
Result: fixed
Rule ID: xccdf_preupg_rule_others_NoVersionChangeEtc_nochange
Time: 2020-07-15 17:06
The module provides a list of the configuration files that can be reused in Red Hat Enterprise Linux 7.
Remediation instructions
Some packages are the same in Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 6, therefore the current configuration files for these packages can be safely reused. This module stores these files in the /root/preupgrade/cleanconf/etc/ directory.Result for VCS repositories
Result: informational
Rule ID: xccdf_preupg_rule_others_vcsrepos_check_script
Time: 2020-07-15 17:06
Find Versin Control System repositories in /home and /root - git, svn, cvs, bzr.
Remediation instructions
VCS repositories not found.Result for Packages not signed by CentOS
Result: needs_action
Rule ID: xccdf_preupg_rule_packages_NonCentOSSignedPkg_noncentospkg
Time: 2020-07-15 17:06
Packages not signed by CentOS will not be upgraded
Remediation instructions
Packages which are not signed with the official CentOS keys will not be upgraded. These packages are typically provided by third parties or have been modified in some way. There is a high risk of incompatibility with these packages as they have not been verified by CentOS. For upgrade assistance, contact the vendors of these packages.You can find a list of all unsigned packages including the vendor names in the kickstart/noncentospkgs file.
INPLACERISK: HIGH: We detected some non-CentOS signed packages, you can find the list in /root/preupgrade/./kickstart/noncentospkgs. You need to handle them yourself!
Result for Obsoleted rpms
Result: needs_inspection
Rule ID: xccdf_preupg_rule_packages_ObsoletedPackages_ObsoletedPkg
Time: 2020-07-15 17:06
Some rpms were obsoleted from the set of the packages between RHEL 6 and RHEL 7. This content checks for the package obsoletes from your set of Red Hat packages.
Remediation instructions
Some of the packages were obsoleted between RHEL 6 and RHEL 7. This meansRed Hat provides some alternative for them, but these alternatives may be
not 100% compatible - thus we don't replace them automatically. For some of
the obsoletes you will get the incompatibilities from separate preupgrade
contents and you can adjust your workflow according to the changes. Sometimes,
package might be replaced by several others.
Following packages were obsoleted by different ones:
ConsoleKit was obsoleted by systemd
btparser was obsoleted by satyr
classpathx-mail was obsoleted by javamail
cpuspeed was obsoleted by kernel-tools,kernel
eggdbus was obsoleted by glib2
grub was obsoleted by grub2
hal was obsoleted by systemd
jakarta-commons-daemon was obsoleted by apache-commons-daemon
java-1.5.0-gcj was obsoleted by java-1.7.0-openjdk,java-1.7.0-openjdk-headless
mingetty was obsoleted by util-linux
mod_perl was obsoleted by mod_fcgid
pam_passwdqc was obsoleted by libpwquality
readahead was obsoleted by systemd
seekwatcher was obsoleted by iowatcher
tomcat6-jsp-2.1-api was obsoleted by tomcat-jsp-2.2-api
tomcat6-lib was obsoleted by tomcat-lib
tomcat6-servlet-2.5-api was obsoleted by tomcat-servlet-3.0-api
udev was obsoleted by systemd
upstart was obsoleted by systemd
vconfig was obsoleted by iproute
If some NonRH signed package requires these packages, you may need to check if the
alternative solution provided by Red Hat does work for you or get the missing package
from different sources than RHEL. You need to install these new packages yourself
after the assessment, as Red Hat can't assess the compatibility for you.
INPLACERISK: MEDIUM: We detected some packages installed on the system were removed (obsoleted) between RHEL 6 and RHEL 7. This may break the functionality of the packages depending on them.
Result for Removed options in coreutils binaries
Result: informational
Rule ID: xccdf_preupg_rule_packages_RemovedOptions_coreutils_removedoptions
Time: 2020-07-15 17:06
Some options and binaries were removed from coreutils package between RHEL 6 and RHEL 7. This informative content lists the incompatibilities.
Remediation instructions
Some options and binaries were removed from coreutils package betweenRHEL 6 and RHEL 7. This may break functionality of some of your scripts.
All option/binaries removals with solutions are listed bellow.
factor : --verbose renamed to --debug
install : --preserve_context is removed, --preserve-context can be used
instead
nl : RHEL 6 deprecated option --page-increment removed, --line-increment
can be used instead
runuser and su binaries moved to util-linux rpm
stat: -Z / --context option support was removed, SELinux context is now
part of the default format. Formatting changed, though.
touch: undocumented and deprecated --file option support removed,
--reference should be used instead.
mkdir,mknod,mkfifo,cp,install: short -Z option no longer accepts the argument
and sets default SELinux context, --context=CTX long option has to be used
for setting context to CTX
Please check that your scripts are aware of these changes.
Result for Removed options in gawk binaries
Result: informational
Rule ID: xccdf_preupg_rule_packages_RemovedOptions_gawk_removedoptions
Time: 2020-07-15 17:06
Some options and binaries were removed from gawk package between RHEL 6 and RHEL 7. This informative content lists the incompatibilities.
Remediation instructions
Some options were removed from gawk package binaries between RHEL 6and RHEL 7. This may break functionality of some of your scripts.
All option removals with solutions are listed bellow.
awk/gawk/pgawk: --compat - option was removed, alternative is
--traditional
--copyleft - option was removed, alternative is
--copyright/-C
--gen-po - option was replaced by --gen-pot option
--usage
-D - short form of --parsedebug was changed to -Y
Please check that your scripts are aware of these changes.
Result for Removed options in netstat binary
Result: informational
Rule ID: xccdf_preupg_rule_packages_RemovedOptions_nettools_removedoptions
Time: 2020-07-15 17:06
Some options were removed from netstat binary between RHEL 6 and RHEL 7. This informative content lists the incompatibilities.
Remediation instructions
Some options were removed from netstat binary of net-tools package betweenRHEL 6 and RHEL 7. This may break functionality of some of your scripts.
All option removals with solutions are listed bellow.
netstat : -T/--notrim renamed to -W/--wide
Please check that your scripts are aware of these changes.
Result for Removed options in quota tools
Result: informational
Rule ID: xccdf_preupg_rule_packages_RemovedOptions_quota_removedoptions
Time: 2020-07-15 17:06
Some options have been renamed at quota tools between Red Hat Enterprise 6 and 7. This informative content lists the incompatibilities.
Remediation instructions
Some options were renamed at quota tools between Red Hat Enterprise Linux6 and 7. This may break functionality of some of your scripts. The changes
are:
/usr/bin/quota: Option --nfs-all was corrected to --all-nfs in the usage help
output. Both versions still recognize the --all-nfs option.
/usr/sbin/quota_nld: Option --no-daemon was renamed to --foreground. Short
option -F is unchanged. This is not an issue if you run quota_nld as daemon,
e.g. via init script.
/usr/sbin/repquota: Option --batch-translation was corrected to --cache in the
usage help output. Both versions still recognize the --cache option.
/usr/sbin/repquota: Option --no-batch-translation was corrected to --no-cache
in the usage help output. Both versions still recognize the --no-cache option.
Please check that your scripts are aware of these changes.
Result for Removed rpms
Result: needs_action
Rule ID: xccdf_preupg_rule_packages_RemovedPackages_RemovedPkg
Time: 2020-07-15 17:06
Some rpms were removed from the set of the packages between RHEL 6 and RHEL 7. This content checks for the package removals from your set of Red Hat packages.
Remediation instructions
Some of the packages were removed between RHEL 6 and RHEL 7. This may breakthe upgrade for some of your packages. We are not aware of any compatible
replacement for these packages.
Following packages are no longer available:
ConsoleKit-libs
MAKEDEV
TurboGears2
atmel-firmware
b43-fwcutter
b43-openfwwf
busybox
cas
cloog-ppl
dash
hal-info
hal-libs
ipw2100-firmware
ipw2200-firmware
jakarta-commons-discovery
lcms-libs
libgcj
libgssglue
libnih
libtidy
mesa-dri1-drivers
mx4j
pcmciautils
perl-BSD-Resource
ppl
python-cheetah
python-crypto
python-decoratortools
python-formencode
python-genshi
python-iwlib
python-markdown
python-myghty
python-paramiko
python-paste-deploy
python-paste-script
python-peak-rules
python-peak-util-addons
python-peak-util-assembler
python-peak-util-extremes
python-peak-util-symbols
python-prioritized-methods
python-pylons
python-repoze-tm2
python-repoze-what
python-repoze-what-pylons
python-repoze-who
python-repoze-who-testutil
python-routes
python-simplejson (required by NonRH signed package(s):python-rhsm )
python-sqlalchemy
python-toscawidgets
python-transaction
python-turbojson
python-weberror
python-webflash
python-webhelpers
python-zope-filesystem
python-zope-sqlalchemy
sinjdoc
system-config-network-tui
tomcat6-el-2.1-api
wireless-tools
zd1211-firmware
If some NonRH signed package requires these packages, you may need to ask your
vendor to provide alternative solution or get the missing package from
different sources than RHEL.
INFO distribution: Directory /root/preupgrade/postupgrade.d/clean_rhel6_pkgs does not exists
INPLACERISK: HIGH: Package python-simplejson (required by NonRH signed package(s):python-rhsm ) removed between RHEL 6 and RHEL 7
INPLACERISK: HIGH: After upgrading to RHEL 7 there are still some el6 packages left. Add --cleanup-post option to redhat-upgrade-tool if you want to remove them automatically.
INPLACERISK: MEDIUM: We detected some packages installed on the system were removed between RHEL 6 and RHEL 7. This may break the functionality of the packages depending on them.
Result for Replaced rpms
Result: fixed
Rule ID: xccdf_preupg_rule_packages_ReplacedPackages_ReplacedPkg
Time: 2020-07-15 17:06
Some rpms were replaced between RHEL 6 and RHEL 7. This content checks for the package replacements from your set of Red Hat packages and generates the list of RH packages/yum groups for RHEL 7 kickstart.
Remediation instructions
Some of the packages were replaced between RHEL 6 and RHEL 7. This meanspackage with different name provides 100% compatible functionality, so we
can replace them automatically in the package set.
For some of the replacements provides were not handled by the packages,
therefore preupgrade asistant migrates them after the upgrade if necessary.
Following packages were replaced:
axis was replaced by java-1.7.0-openjdk
bfa-firmware was replaced by linux-firmware
classpathx-jaf was replaced by java-1.7.0-openjdk
coreutils-libs was replaced by coreutils
cryptsetup-luks-libs was replaced by cryptsetup-libs
cryptsetup-luks was replaced by cryptsetup
db4-devel was replaced by libdb-devel
db4-utils was replaced by libdb-utils
db4 was replaced by libdb
dracut-kernel was replaced by dracut
eject was replaced by util-linux
iptables-ipv6 was replaced by iptables-services
jakarta-commons-collections was replaced by apache-commons-collections
jakarta-commons-dbcp was replaced by apache-commons-dbcp
jakarta-commons-logging was replaced by apache-commons-logging
jakarta-commons-pool was replaced by apache-commons-pool
jpackage-utils was replaced by javapackages-tools
kernel-firmware was replaced by linux-firmware
libudev was replaced by systemd-libs
libusb1 was replaced by libusbx
man was replaced by man-db
mesa-dri-filesystem was replaced by mesa-filesystem
module-init-tools was replaced by kmod
nfs-utils-lib was replaced by libnfsidmap
perl-Compress-Zlib was replaced by perl-IO-Compress
perl-IO-Compress-Base was replaced by perl-IO-Compress
perl-IO-Compress-Bzip2 was replaced by perl-IO-Compress
perl-IO-Compress-Zlib was replaced by perl-IO-Compress
procps was replaced by procps-ng
ql2100-firmware was replaced by linux-firmware
ql2200-firmware was replaced by linux-firmware
ql23xx-firmware was replaced by linux-firmware
ql2400-firmware was replaced by linux-firmware
ql2500-firmware was replaced by linux-firmware
qt-sqlite was replaced by qt
rt61pci-firmware was replaced by linux-firmware
rt73usb-firmware was replaced by linux-firmware
samba4-libs was replaced by samba-libs
util-linux-ng was replaced by util-linux
xorg-x11-drv-ati-firmware was replaced by linux-firmware
yum-plugin-security was replaced by yum
If some NonRH signed package requires these packages, you still may want
to monitor them closely. Although the replacement should be compatible,
it can have some minor differences expectable even in the case of common
application lifecycle.
Result for GMP library incompatibilities
Result: informational
Rule ID: xccdf_preupg_rule_packages_gmp_check_script
Time: 2020-07-15 17:06
Incompatibilities between GMP 4 and GMP 5.1 libraries.
Remediation instructions
GMP 5.1 is compatible with GMP 4 in major features. Incompatible changes affect only functions, which should not be used by user applications at all:- mpn_bdivmod function
- BSDMP-like interface libmp.so
Result for optional channel problems
Result: needs_action
Rule ID: xccdf_preupg_rule_packages_optional-channel_optional
Time: 2020-07-15 17:06
detects upgrade problems with RHEL optional channel
Remediation instructions
Either you have directly enabled some of the Red Hat Enterprise Linux 6'optional' yum repositories on your system, or you have installed some packages
which have been moved from "base" to "optional" repository in Red Hat Enterprise
Linux 7. This will very likely cause fail during upgrade of your system.
Please, provide additional yum repository to redhat-upgrade-tool to make
packages residing in RHEL 7 optional channel updated. For this purpose, use
following additional option for redhat-upgrade-tool:
--addrepo rhel-7-optional=<path to the optional repository>
Optionally, you could remove all packages which reside in RHEL 7 optional
repository before you start the system upgrade.
DEBUG [unknown]: checking problems from CentOS release 6.10 (Final)
INPLACERISK: HIGH: Packages [system-config-firewall-tui libproxy-bin liboil groff libproxy-python wsdl4j libreport-compat libreport-plugin-kerneloops python-pygments apr-util-ldap python-webtest python-zope-interface xz-lzma-compat java_cup libreport-plugin-logger python-webob flac samba-winbind-clients] have been moved to CentOS release 6.10 (Final) Optional channel.
Result for package downgrades
Result: fixed
Rule ID: xccdf_preupg_rule_packages_pkgdowngrades_pkgdowngrades
Time: 2020-07-15 17:06
detects package downgrades from RHEL6 to RHEL7
Remediation instructions
Some packages installed on your system have broken upgrade path from Red HatEnterprise Linux version 6 to version 7 (the version of package is lower in
newer Enterprise Linux).
This does not cause fail of redhat-upgrade-tool run. Packages with broken
upgrade path are fixed by postupgrade script.
~> Optionally, if possible, you may remove packages in question from RHEL 6
system.
Result for General
Result: needs_action
Rule ID: xccdf_preupg_rule_selinux_general_check
Time: 2020-07-15 17:06
There has to be some steps performed in order to have working SELinux on RHEL 7.
Remediation instructions
We have detected that you are using SELinux. There were changes in policies which require to apply custom command before upgrade process. In order to have working SELinux on Red Hat Enterprise Linux 7, you HAVE TO run command prior to running redhat-upgrade-tool:semodule -r sandbox
INPLACERISK: HIGH: There were changes in SELinux policies between RHEL 6 and RHEL 7. Please, check solution in order to resolve this issue.
Result for CUPS Browsing/BrowsePoll configuration
Result: fixed
Rule ID: xccdf_preupg_rule_services_cupsbrowsing_cupsbrowsing
Time: 2020-07-15 17:06
The CUPS Browsing and BrowsePoll configuration directives have been removed from CUPS. A replacement is provided in the form of the cups-browsed service.
File(s) affected:
/etc/cups/cupsd.conf
Remediation instructions
The CUPS Browsing and BrowsePoll configuration directives are no longer handled by CUPS itself. Instead, CUPS uses DNS-SD to advertise print queues on the network. Discovery is performed by the applications. GTK+ applications do this as part of the print dialog implementation. To use DNS-SD, enable the "avahi" service and make sure to allow mDNS (UDP port 5353) through the firewall.
If this solution is not suitable for your site you can continue to use CUPS Browsing as before by using the cups-browsed service. The browsing configuration has been migrated to cleanconf/etc/cups/cups-browsed.conf and the cups-browsed service will be enabled after upgrade.
Result for CVS Package Split
Result: informational
Rule ID: xccdf_preupg_rule_services_cvs_checkscript
Time: 2020-07-15 17:06
Some Concurrent Versions System (CVS) tools and documentation have been moved into separate packages and are no longer provided by the cvs packages.
Remediation instructions
The Concurrent Versions System (CVS) server and client have not been changed significantly and should be fully compatible. However, some tools and documentation have been moved to other packages which could concern some users.The rcs2log and contrib utilities have been moved into the new cvs-contrib packages in order to remove the cvs packages dependency on perl and reduce the size of the cvs packages. If you require the rcs2log and contrib tools, you can install the packages manually by running the "yum install cvs-contrib" command as root.
Additional documentation, such as books concerning CVS tools in the PDF format and revision control system (RCS) specification files, has been moved into the new cvs-doc package to reduce the size of the cvs packages. If you want to access this additional documentation, install the package manually by running the "yum install cvs-doc" command as root. The manual and Texinfo pages are still included in the cvs packages.
These utilities and the supplemental documentation are not used by the CVS client or server. Their absence does not pose a risk when upgrading the cvs packages.
Result for httpd configuration compatibility check
Result: informational
Rule ID: xccdf_preupg_rule_services_httpd_check_script
Time: 2020-07-15 17:06
Checks httpd configuration compatibility
File(s) affected:
/etc/httpd/conf/httpd.conf
Remediation instructions
* httpd.conf does not include conf.modules.d/*.conf. This directory will beincluded automatically.
* httpd.conf loads modules which are loaded in conf.modules.d/*conf
in new httpd version. Following modules will be therefore removed from
httpd.conf:
modules\/mod_actions.so
modules\/mod_alias.so
modules\/mod_auth_basic.so
modules\/mod_auth_digest.so
modules\/mod_authn_anon.so
modules\/mod_authn_dbm.so
modules\/mod_authn_file.so
modules\/mod_authz_dbm.so
modules\/mod_authz_groupfile.so
modules\/mod_authz_host.so
modules\/mod_authz_owner.so
modules\/mod_authz_user.so
modules\/mod_autoindex.so
modules\/mod_cache.so
modules\/mod_deflate.so
modules\/mod_dir.so
modules\/mod_env.so
modules\/mod_expires.so
modules\/mod_ext_filter.so
modules\/mod_headers.so
modules\/mod_include.so
modules\/mod_info.so
modules\/mod_log_config.so
modules\/mod_logio.so
modules\/mod_mime_magic.so
modules\/mod_mime.so
modules\/mod_negotiation.so
modules\/mod_rewrite.so
modules\/mod_setenvif.so
modules\/mod_status.so
modules\/mod_substitute.so
modules\/mod_suexec.so
modules\/mod_userdir.so
modules\/mod_version.so
modules\/mod_vhost_alias.so
modules\/mod_dav.so
modules\/mod_dav_fs.so
modules\/mod_proxy.so
modules\/mod_proxy_ajp.so
modules\/mod_proxy_balancer.so
modules\/mod_proxy_connect.so
modules\/mod_proxy_ftp.so
modules\/mod_proxy_http.so
modules\/mod_disk_cache.so
modules\/mod_cgi.so
modules\/mod_ldap.so
modules\/mod_authnz_ldap.so
modules\/mod_speling.so
modules\/mod_usertrack.so
* httpd.conf loads default modules which have been removed in new version
of httpd. Following modules will be therefore removed from httpd.conf:
modules\/mod_authn_alias.so
modules\/mod_authn_default.so
modules\/mod_authz_default.so
* httpd config files contain deprecated Access control directives Order, Allow,
Deny, and Satisfy. The old access control idioms should be replaced
by the new authentication mechanisms, although for compatibility with old
configurations, the new module mod_access_compat is provided and loaded by
default.
* mod_perl is no longer provided in RHEL7. It is loaded in httpd
configuration but it seems it is not used. This module will be unloaded
automatically.
* "SSLMutex default" is not needed in httpd-2.4 and will be removed
automatically.
* "SSLPassPhraseDialog builtin" should not be used in httpd-2.4 because of
systemd integration.
"SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog" will be used
instead automatically.
* "SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)" should not be used
in httpd-2.4 because of directory change.
"SSLSessionCache shmcb:/run/httpd/sslcache(512000)" will be used instead
automatically.
Read more on http://httpd.apache.org/docs/2.4/upgrading.html to find out solutions for these problems.
This section of solution text shows the difference between this system
configuration of httpd and the default httpd 2.2 configuration:
--- httpd.conf 2014-06-06 06:01:35.000000000 -0700
+++ /etc/httpd//conf/httpd.conf 2020-07-15 15:57:35.070029971 -0700
@@ -987,7 +987,7 @@
#
# Use name-based virtual hosting.
#
-#NameVirtualHost *:80
+NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
@@ -1007,3 +1007,5 @@
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>
+
+include /etc/httpd/conf/httpd.vhosts
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cache_module modules/mod_cache.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
LoadModule info_module modules/mod_info.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule status_module modules/mod_status.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule version_module modules/mod_version.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule speling_module modules/mod_speling.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule speling_module modules/mod_speling.so
LoadModule usertrack_module modules/mod_usertrack.so
/etc/httpd//conf/httpd.conf: Order allow,deny
/etc/httpd//conf/httpd.conf:# Order allow,deny
/etc/httpd//conf/httpd.conf:# Order deny,allow
/etc/httpd//conf/httpd.conf: Order allow,deny
/etc/httpd//conf/httpd.conf: Order allow,deny
/etc/httpd//conf/httpd.conf: Order allow,deny
/etc/httpd//conf/httpd.conf: Order allow,deny
/etc/httpd//conf/httpd.conf:# Order deny,allow
/etc/httpd//conf/httpd.conf:# Order deny,allow
/etc/httpd//conf/httpd.conf:# Order deny,allow
/etc/httpd//conf.d/manual.conf: Order allow,deny
/etc/httpd//conf.d/perl.conf:# Order deny,allow
/etc/httpd//conf.d/perl.conf:LoadModule perl_module modules/mod_perl.so
/etc/httpd//conf.d/ssl.conf:SSLMutex default
/etc/httpd//conf.d/ssl.conf:SSLPassPhraseDialog builtin
/etc/httpd//conf.d/ssl.conf:SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
Result for NTP configuration
Result: informational
Rule ID: xccdf_preupg_rule_services_ntp_configuration_ntp
Time: 2020-07-15 17:06
Save ntp and ntpdate configuration files which are not tracked by rpm.
File(s) affected:
/etc/ntp.conf
/etc/ntp/step-tickers
Remediation instructions
The RHEL6 ntp and ntpdate configuration can be used without changes on RHEL7.The following configuration files are modified, but not tracked by rpm,
or not included in the packages:
/etc/ntp.conf
The files have been saved to /root/preupgrade/cleanconf.
Configuration files tracked by rpm are saved to the same directory by rule
"Store modified config files for packages with unchanged version".
Please note that the NTP package installed by default in RHEL7 is chrony.
To switch back to ntp, run "yum install ntp" and "yum remove chrony".
Result for Information on time-sync.target
Result: pass
Rule ID: xccdf_preupg_rule_services_ntp_timesync_timesync
Time: 2020-07-15 17:06
Check if ntpdate service is enabled and print information on starting services with clock set
Result for OpenSSH sshd_config migration content
Result: pass
Rule ID: xccdf_preupg_rule_services_openssh_sshd_openssh-sshd
Time: 2020-07-15 17:06
This content has a aim to convert /etc/ssh/sshd_config file from openssh-server package
File(s) affected:
/etc/ssh/sshd_config
Result for OpenSSH sysconfig migration content
Result: fixed
Rule ID: xccdf_preupg_rule_services_openssh_sysconfig_openssh-sysconfig
Time: 2020-07-15 17:06
This content has a aim to convert /etc/sysconfig/sshd file from openssh-server package
File(s) affected:
/etc/sysconfig/sshd
Remediation instructions
/etc/sysconfig/sshd will not be a shell script in RHEL 7 anymore so all 'export VARIABLE=VALUE' has to be changed to 'VARIABLE=VALUE'.# sed -i 's/^export //' /etc/sysconfig/sshd
There is the /root/preupgrade/cleanconf//etc/sysconfig/sshd with the fixed configuration.
Result for Configuration for quota_nld service
Result: pass
Rule ID: xccdf_preupg_rule_services_quota_nld_configuration_checkscript
Time: 2020-07-15 17:06
Back configuration for quota_nld service up
File(s) affected:
/etc/sysconfig/quota_nld
Result for Disk quota netlink message daemon moved into quota-nld package
Result: pass
Rule ID: xccdf_preupg_rule_services_quota_nld_new_package_checkscript
Time: 2020-07-15 17:06
Install quota-nld package if the quota_nld service is enabled
Result for Luks encrypted partition
Result: pass
Rule ID: xccdf_preupg_rule_storage_luks_check
Time: 2020-07-15 17:06
Checks whether partition is crypted by CRYPTO-LUKS.
Result for State of LVM2 services.
Result: fixed
Rule ID: xccdf_preupg_rule_storage_lvm2-services_check_lvm2_services
Time: 2020-07-15 17:06
Some services are important for proper LVM functionality. This content checks for current state of existing services and makes sure the state is preserved over upgrade. Also, some systemd units should be enabled by default to allow for service's on-demand activation if needed.
Remediation instructions
RHEL7 uses systemd for service management. When upgrading from RHEL6,we need to be sure that certain services (systemd units) are enabled
or prepared for on-demand activation.
The LVM2 monitoring service inherits the old state, which means that if
the 'lvm2-monitor' service was enabled in RHEL6, it will also be enabled
in RHEL7 (lvm2-monitor.service) and vice versa.
In addition to that these systemd units are enabled to allow for on-demand
service activation:
dm-event.socket
lvm2-lvmetad.socket
The dm-event.socket is used for on-demand activation of dm-event.service.
This is an essential part of device-mapper monitoring feature (which also
covers monitoring of LVM devices).
The lvm2-lvmetad.socket is used for on-demand activation of lvm2-lvmetad.service
which starts the lvmetad - LVM metadata daemon that is used to cache LVM
metadata so LVM commands don't need to scan devices all the time and they
can reuse cached metadata. This functionality is used by default in RHEL7.
Result for Configuration for warnquota tool
Result: pass
Rule ID: xccdf_preupg_rule_storage_warnquota_configuration_checkscript
Time: 2020-07-15 17:06
Back configuration for warnquota tool up
File(s) affected:
/etc/quotagrpadmins
/etc/quotatab
/etc/warnquota.conf
Result for Disk quota tool warnquota moved into quota-warnquota package
Result: informational
Rule ID: xccdf_preupg_rule_storage_warnquota_new_package_checkscript
Time: 2020-07-15 17:06
Install quota-warnquota if need warnquota tool
Remediation instructions
Quota tool warnquota(8) has been moved from "quota" package into"quota-warnquota" package.
If you used warnquota on the old system, please install quota-warnquota
package with this command on the new system:
# yum --assumeyes install quota-warnquota
Please do not forget to check warnquota configutation files
(/etc/quotagrpadmins, /etc/quotatab, and /etc/warnquota.conf) before using
the tool.
Please do not forget to install a cron job to execute the warnquota tool
periodically, if you used it on the the old system.
Result for Architecture Support
Result: pass
Rule ID: xccdf_preupg_rule_system_Architecture_architecture
Time: 2020-07-15 17:06
Red Hat Enterprise Linux 7 does not support installations on 32-bit architectures, and performing an in-place upgrade is not possible on 32-bit systems.
Result for Binary rebuilds
Result: needs_inspection
Rule ID: xccdf_preupg_rule_system_BinariesRebuild_check
Time: 2020-07-15 17:07
Check all binaries installed on the assessment system which needs to be rebuilded on the target system
Remediation instructions
This content generates the list of binaries which needs to be rebuiltYou can find the list at:
kickstart/binaries
INPLACERISK: SLIGHT: Some scripts untracked by RPM were discovered on the system and may not work properly after upgrade.
Result for Debuginfo packages
Result: pass
Rule ID: xccdf_preupg_rule_system_Debuginfo_debuginfo
Time: 2020-07-15 17:07
This content checks for debuginfo packages and inform about potential risks for in-place upgrade.
Result for Cluster and High Availablility
Result: pass
Rule ID: xccdf_preupg_rule_system_HA-Cluster_hacluster
Time: 2020-07-15 17:07
Content checks Cluster and High Availability solutions for upgrade.
Result for File Systems, Partitions and Mounts Configuration Review
Result: informational
Rule ID: xccdf_preupg_rule_system_PartitionMounts_partmounts
Time: 2020-07-15 17:07
This module describes the new default file system and stores the partitions and mounts configuration.
Remediation instructions
Red Hat Enterprise Linux 7 now uses the XFS file system as the default file system instead of the ext4 file system. If you intend to migrate the system to another machine or create a new file system, you can consider using XFS instead of ext4. Users who use a Kickstart installation can consider modifying the Kickstart configuration to use XFS.Additionally, information about the partitions and mounts configuration has been saved in the /root/preupgrade/kickstart/ directory. This information can be useful to users who choose to perform a system migration or convert their file systems to XFS.
Result for Read Only FHS directories
Result: pass
Rule ID: xccdf_preupg_rule_system_ReadOnlyFHS_check_script
Time: 2020-07-15 17:07
Check that critical directories of Filesystem Hierarchy Standard are not mounted read-only.
Result for Sonamebumped libs
Result: informational
Rule ID: xccdf_preupg_rule_system_SonameBump_SonameBump
Time: 2020-07-15 17:07
If the dynamic library breaks the API/ABI compatibility, it is supposed to change its soname. This content checks for the soname bumps between RHEL 6 and RHEL 7 in your Red Hat packages.
Remediation instructions
Application developed in C may use dynamic libraries (.so files) to reuse thecommon functions/symbols in the binary. If the library bumped its soname (
changed major version, API/ABI incompatibility), application that depends on
it may not run.
Some of the libraries changed the soname version between Red Hat Enterprise
Linux 6 and Red Hat Enterprise Linux 7.
From your RHEL 6 packages, following libraries changed soname:
libanonymous.so.2 from cyrus-sasl-lib changed to libanonymous.so.3
libbind9.so.80 from bind-libs changed to libbind9.so.90
libcryptsetup.so.1 from cryptsetup-luks-libs changed to libcryptsetup.so.4
libdns.so.81 from bind-libs changed to libdns.so.100
libdricore9.2.0-devel.so.1 from mesa-dri-drivers changed to libdricore9.2.2.so.1
libdrm_nouveau.so.1 from libdrm changed to libdrm_nouveau.so.2
libffi.so.5 from libffi changed to libffi.so.6
libgdbm.so.2 from gdbm changed to libgdbm.so.4
libgmp.so.3 from gmp changed to libgmp.so.10
libgnutls.so.26 from gnutls changed to libgnutls.so.28
libgnutlsxx.so.26 from gnutls changed to libgnutlsxx.so.28
libgs.so.8 from ghostscript changed to libgs.so.9
libgssapiv2.so.2 from cyrus-sasl-gssapi changed to libgssapiv2.so.3
libicudata.so.42 from libicu changed to libicudata.so.50
libicui18n.so.42 from libicu changed to libicui18n.so.50
libicuio.so.42 from libicu changed to libicuio.so.50
libicule.so.42 from libicu changed to libicule.so.50
libiculx.so.42 from libicu changed to libiculx.so.50
libicutu.so.42 from libicu changed to libicutu.so.50
libicuuc.so.42 from libicu changed to libicuuc.so.50
libini_config.so.2 from libini_config changed to libini_config.so.3
libisc.so.83 from bind-libs changed to libisc.so.95
libisccc.so.80 from bind-libs changed to libisccc.so.90
libisccfg.so.82 from bind-libs changed to libisccfg.so.90
libkdb5.so.6 from krb5-libs changed to libkdb5.so.7
liblogin.so.2 from cyrus-sasl-plain changed to liblogin.so.3
libltaudit.so.0.5.9 from latrace changed to libltaudit.so.0.5.11
liblwres.so.80 from bind-libs changed to liblwres.so.90
libmpfr.so.1 from mpfr changed to libmpfr.so.4
libnetsnmp.so.20 from net-snmp-libs changed to libnetsnmp.so.31
libnetsnmpagent.so.20 from net-snmp-libs changed to libnetsnmpagent.so.31
libnetsnmphelpers.so.20 from net-snmp-libs changed to libnetsnmphelpers.so.31
libnetsnmpmibs.so.20 from net-snmp-libs changed to libnetsnmpmibs.so.31
libnetsnmptrapd.so.20 from net-snmp-libs changed to libnetsnmptrapd.so.31
libopenjpeg.so.2 from openjpeg-libs changed to libopenjpeg.so.1
libpcre.so.0 from pcre changed to libpcre.so.1
libplain.so.2 from cyrus-sasl-plain changed to libplain.so.3
libpoppler.so.5 from poppler changed to libpoppler.so.37
libproxy.so.0 from libproxy changed to libproxy.so.1
librpm.so.1 from rpm-libs changed to librpm.so.3
librpmbuild.so.1 from rpm-libs changed to librpmbuild.so.3
librpmio.so.1 from rpm-libs changed to librpmio.so.3
libsasl2.so.2 from cyrus-sasl-lib changed to libsasl2.so.3
libsasldb.so.2 from cyrus-sasl-lib changed to libsasldb.so.3
libtasn1.so.3 from libtasn1 changed to libtasn1.so.6
libtiff.so.3 from libtiff changed to libtiff.so.5
libtiffxx.so.3 from libtiff changed to libtiffxx.so.5
libudev.so.0 from libudev changed to libudev.so.1
libverto.so.0 from krb5-libs changed to libverto.so.1
libxtables.so.4 from iptables changed to libxtables.so.10
We checked the requirements in Non-RH signed packages, but for the non
rpm-packaged binaries, you should check the compatibility list yourself
by using e.g. ldd <binary> command.
If some of your application uses the library on the list above, you will
need to rebuild such package/application against new library.
Red Hat Enterprise Linux applications available on the RHEL 7 will handle
these bumps automatically by the update/migration to new Red Hat Enterprise
Linux as they were already built against these libraries.
INPLACERISK: MEDIUM: We detected some soname bumps in the libraries installed on the system. This may break the functionality of some of your 3rd party applications. They may need rebuild. Please check their requirements.
Result for SonameKept Reusable Dynamic Libraries
Result: informational
Rule ID: xccdf_preupg_rule_system_SonameKept_SonameKept
Time: 2020-07-15 17:07
This module provides an overview of the dynamic libraries from Red Hat Enterprise Linux 6 that can be reused in Red Hat Enterprise Linux 7, as the dynamic libraries remain compatible with both the application programming interface (API) and the application binary interface (ABI).
Remediation instructions
Applications developed in the C programming language can use dynamic libraries (.so files) to reuse common functions and symbols in the binary. When the library changes its soname in a major version, the binaries normally need to be rebuilt for the new system. Some libraries have not changed their soname between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 so it could be possible to reuse third party applications which use only these libraries without rebuilding.You can find the list of the unchanged dynamic libraries and their package names in the following file: ./kickstart/NoSonameBumpLibs
If it is not clear what libraries the third party binary or RPM uses, it is possible to use the ldd utility for the C binary, or run the "rpm -q --whatrequires SONAME" command for the whole RPM package. No problems are expected to occur if there are only .so files listed in the NoSonameBumpLibs file and unversioned shared libraries.
Result for Removed .so libs
Result: informational
Rule ID: xccdf_preupg_rule_system_SonameRemoval_SonameRemoval
Time: 2020-07-15 17:07
Dynamic libraries are used provides symbols/functions to binaries. Some of the libraries were removed between RHEL 6 and RHEL 7. This content checks for the .so libraries removal between RHEL 6 and RHEL 7 in your Red Hat packages.
Remediation instructions
Application developed in C may use dynamic libraries (.so files) to reuse thecommon functions/symbols in the binary. If the library is missing, application
will not run. Some of the libraries were removed between RHEL 6 and RHEL 7.
From your Red Hat Enterprise Linux 6 packages, following libraries disappeared:
_codecs_iso2022.so from python-libs
db2.so.0 from krb5-libs
libQtAssistantClient.so.4 from qt-x11
libabrt_web.so.0 from libreport
libatlas.so.3 from atlas
libboundparam.so.2 from unixODBC
libbtparser.so.2 from btparser
libcblas.so.3 from atlas
libck-connector.so.0 from ConsoleKit-libs
libclapack.so.3 from atlas
libcloog.so.0 from cloog-ppl
libcupsdriver.so.1 from cups-libs
libdrm_nouveau2.so.2 from libdrm
libeggdbus-1.so.0 from eggdbus
libevent-1.4.so.2 from libevent
libevent_core-1.4.so.2 from libevent
libevent_extra-1.4.so.2 from libevent
libf77blas.so.3 from atlas
libgcj-tools.so.10 from libgcj
libgcj.so.10 from libgcj
libgcj_bc.so.1 from libgcj
libgij.so.10 from libgcj
libgnutls-extra.so.26 from gnutls
libgpgme-pth.so.11 from gpgme
libgssglue.so.1 from libgssglue
libgtrtst.so.2 from unixODBC
libhal-storage.so.1 from hal-libs
libhal.so.1 from hal-libs
libhunspell-1.2.so.0 from hunspell
libipq.so.0 from iptables
liblcms.so.1 from lcms-libs
libldif-2.4.so.2 from openldap
libmp.so.3 from gmp
libnih-dbus.so.1 from libnih
libnih.so.1 from libnih
libnss_winbind.so.2 from samba-winbind-clients
libnss_wins.so.2 from samba-winbind-clients
libpangox-1.0.so.0 from pango
libparted-2.1.so.0 from parted
libpolkit-backend-1.so.0 from polkit
libppl.so.7 from ppl
libppl_c.so.2 from ppl
libptcblas.so.3 from atlas
libptf77blas.so.3 from atlas
libpython2.6.so.1.0 from python-libs
librpcsecgss.so.3 from nfs-utils-lib
libsnmp.so.20 from net-snmp-libs
libstdc++-libc6.2-2.so.3 from libstdc++
libtidy-0.99.so.0 from libtidy
libusbpp-0.1.so.4 from libusb
libverto-k5ev.so.0 from krb5-libs
We checked the requirements in Non-RH signed packages, but for the non
rpm-packaged binaries, you should check the compatibility list yourself
by using e.g. ldd <binary> command.
If some of your application uses the library on the list above, you may need
to get the .so library from different place or search for an alternative.
INPLACERISK: MEDIUM: We detected some .so libraries installed on the system were removed between RHEL 6 and RHEL 7. This may break the functionality of some of your 3rd party applications.
Result for In-place Upgrade Requirements for the /usr/ Directory
Result: pass
Rule ID: xccdf_preupg_rule_system_UsrPartition_usr
Time: 2020-07-15 17:07
This module determines if the /usr/ directory is located on a separate partition.
Result for CA certificate bundles modified
Result: pass
Rule ID: xccdf_preupg_rule_system_ca-certificates_checkbundles
Time: 2020-07-15 17:07
Later versions of RHEL include a shared store for certificate authorities. Additional trusted certificate authorities must be placed in the new location rather that modifying the distributed certificate authority bundles. The Preupgrade assistant cannot automatically identify how certificate bundles have been modified on this system.
Result for Developer Tool Set packages
Result: pass
Rule ID: xccdf_preupg_rule_system_dts_dts
Time: 2020-07-15 17:07
Content checks whether Red Hat Developer Tool Set packages are installed.
Result for Hyper-V
Result: pass
Rule ID: xccdf_preupg_rule_system_hyperv_check
Time: 2020-07-15 17:07
Check if this system runs on Hyper-V.
Result for Content for enabling and disabling services based on RHEL 6 system
Result: informational
Rule ID: xccdf_preupg_rule_system_initscripts_control_check
Time: 2020-07-15 17:08
The content checks what services are enabled or disabled on assessment system and if the services will be enabled or disabled on RHEL 7 system.
Remediation instructions
The content detects some services who are disabled by default on Red Hat Enterprise Linux 7 system.
INPLACERISK: HIGH: The service autofs on RHEL 7 is disabled by default. Enable them via commands: systemctl enable autofs && systemctl start autofs.service .
INPLACERISK: HIGH: The service blk-availability on RHEL 7 is disabled by default. Enable them via commands: systemctl enable blk-availability && systemctl start blk-availability.service .
INPLACERISK: HIGH: The service certmonger on RHEL 7 is disabled by default. Enable them via commands: systemctl enable certmonger && systemctl start certmonger.service .
INPLACERISK: HIGH: The service cpuspeed on RHEL 7 is disabled by default. Enable them via commands: systemctl enable cpuspeed && systemctl start cpuspeed.service .
INPLACERISK: HIGH: The service haldaemon on RHEL 7 is disabled by default. Enable them via commands: systemctl enable haldaemon && systemctl start haldaemon.service .
INPLACERISK: HIGH: The service httpd on RHEL 7 is disabled by default. Enable them via commands: systemctl enable httpd && systemctl start httpd.service .
INPLACERISK: HIGH: The service ip6tables on RHEL 7 is disabled by default. Enable them via commands: systemctl enable ip6tables && systemctl start ip6tables.service .
INPLACERISK: HIGH: The service iptables on RHEL 7 is disabled by default. Enable them via commands: systemctl enable iptables && systemctl start iptables.service .
INPLACERISK: HIGH: The service messagebus on RHEL 7 is disabled by default. Enable them via commands: systemctl enable messagebus && systemctl start messagebus.service .
INPLACERISK: HIGH: The service netfs on RHEL 7 is disabled by default. Enable them via commands: systemctl enable netfs && systemctl start netfs.service .
INPLACERISK: HIGH: The service network on RHEL 7 is disabled by default. Enable them via commands: systemctl enable network && systemctl start network.service .
INPLACERISK: HIGH: The service nfslock on RHEL 7 is disabled by default. Enable them via commands: systemctl enable nfslock && systemctl start nfslock.service .
INPLACERISK: HIGH: The service ntpd on RHEL 7 is disabled by default. Enable them via commands: systemctl enable ntpd && systemctl start ntpd.service .
INPLACERISK: HIGH: The service portreserve on RHEL 7 is disabled by default. Enable them via commands: systemctl enable portreserve && systemctl start portreserve.service .
INPLACERISK: HIGH: The service rpcgssd on RHEL 7 is disabled by default. Enable them via commands: systemctl enable rpcgssd && systemctl start rpcgssd.service .
INPLACERISK: HIGH: The service snmpd on RHEL 7 is disabled by default. Enable them via commands: systemctl enable snmpd && systemctl start snmpd.service .
INPLACERISK: HIGH: The service udev-post on RHEL 7 is disabled by default. Enable them via commands: systemctl enable udev-post && systemctl start udev-post.service .
INPLACERISK: HIGH: The service vsftpd on RHEL 7 is disabled by default. Enable them via commands: systemctl enable vsftpd && systemctl start vsftpd.service .
Result for Check for ethernet interface naming
Result: pass
Rule ID: xccdf_preupg_rule_system_initscripts_ifcfg_check
Time: 2020-07-15 17:08
The content checks if network interface names set through /etc/sysconfig/network-scripts/ifcfg-* files are compatible with device naming in Red Hat Enterprise Linux 7.
Result for User modification in /etc/rc.local and /etc/rc.d/rc.local
Result: pass
Rule ID: xccdf_preupg_rule_system_initscripts_rc-local_rclocal
Time: 2020-07-15 17:08
The content checks whether user modifies files /etc/rc.local and /etc/rc.d/rc.local
Result for Plugable authentication modules (PAM)
Result: pass
Rule ID: xccdf_preupg_rule_system_pam_pam
Time: 2020-07-15 17:08
Content checks for no-longer supported pluggable authentication modules
Result for Foreign Perl modules
Result: informational
Rule ID: xccdf_preupg_rule_system_perl_check
Time: 2020-07-15 17:10
Find Perl modules which need to be checked for proper functionality with newer Perl version on the Red Hat Enterprise Linux 7 system because they are not distributed by Red Hat
Remediation instructions
Perl was updated from version 5.10 to version 5.16. Please read Perlsection in the Red Hat Enterprise Linux 7 Developer Guide for more details.
Following Perl module files located in system Perl paths are either not
handled by any package or not signed by Red Hat:
Result for Python 2.7.5
Result: needs_inspection
Rule ID: xccdf_preupg_rule_system_python_check
Time: 2020-07-15 17:10
This module provides you with a list of packages that need to be rebuilt for version 2.7.5 of the Python programming language that is shipped with Red Hat Enterprise Linux 7.
Remediation instructions
This solution text contains a list of packages that need to be rebuilt for Python 2.7.5, which is shipped with Red Hat Enterprise Linux 7.Red Hat Enterprise Linux 7 contains Python version 2.7.5. For information about the differences from older versions and for further details, see https://access.redhat.com/site/articles/676453.
The files and directories listed below are not owned by any RPM package or are owned by an RPM package that is not signed by Red Hat. These packages need to be rebuilt and reinstalled in order to work with Python 2.7.5. You can find more details at https://access.redhat.com/site/articles/676453.
INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/paste is owned by an RPM package that was not signed by Red Hat.
INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/peak is owned by an RPM package that was not signed by Red Hat.
INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/preup is owned by an RPM package that was not signed by Red Hat.
INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/preupgrade_assistant-0.9.1-py2.6.egg-info is owned by an RPM package that was not signed by Red Hat.
INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/redhat_upgrade_tool is owned by an RPM package that was not signed by Red Hat.
INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/repoze is owned by an RPM package that was not signed by Red Hat.
INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/zope is owned by an RPM package that was not signed by Red Hat.
INPLACERISK: SLIGHT: /usr/lib64/python2.6/site-packages/report is not owned by any RPM package.
INPLACERISK: SLIGHT: /usr/lib64/python2.6/site-packages/reportclient is not owned by any RPM package.
INPLACERISK: SLIGHT: /usr/lib64/python2.6/site-packages/rhsm is owned by an RPM package that was not signed by Red Hat.
INPLACERISK: SLIGHT: /usr/lib64/python2.6/site-packages/rhsm-1.9.7-py2.6.egg-info is owned by an RPM package that was not signed by Red Hat.
Result for SCL collections
Result: pass
Rule ID: xccdf_preupg_rule_system_scl-collection_scl
Time: 2020-07-15 17:10
Content checks whether RHSCL are installed
Result for System kickstart
Result: pass
Rule ID: xccdf_preupg_rule_system_system-kickstart_ks
Time: 2020-07-15 17:10
Copy system kickstart from /root/ to directory with results
Result for YUM
Result: informational
Rule ID: xccdf_preupg_rule_system_yum_yum
Time: 2020-07-15 17:10
Content checks YUM configuration file
Remediation instructions
In RHEL 7 functionality of yum-plugin-security is a part of yum core.After the upgrade it will be impossible to undo/redo/rollback to pre-upgrade yum transactions. Please run 'yum history new' after the upgrade to start a new history file.
The way yum groups work has changed in RHEL 7. By default yum treats groups as objects now. Please refer to the documentation for more information.
Result for Check for usage of dangerous range of UID/GIDs
Result: needs_inspection
Rule ID: xccdf_preupg_rule_usrmgmt_DangerousRanges_dangerousranges
Time: 2020-07-15 17:10
In RHEL 6, limit for system accounts was 500, in RHEL 7 it was raised to 1000. Therefore some user accounts might be in this range. In addition, usage of unreserved ids between 0 and 200 is prohibited. This content checks for these two violations of standards which may bring issues during migration.
Remediation instructions
On Red Hat Enterprise Linux 6, system account ids were bellow 500.This changes on Red Hat Enterprise Linux 7, range reserved for
system account is now 0-999. This may cause troubles for the
migration. In addition, range 0-199 is prohibited to use without
static id reservation in setup package. Id's in this range might
be reserved and used later by some package, thus using them may cause
malfunction of such package.
Following problems were found on your system:
User "brianh" uses id 500 - this is in the range of system accounts.
User "webdevel" uses id 501 - this is in the range of system accounts.
group "brianh" uses id 500 - this is in the range of system accounts.
group "webdevel" uses id 501 - this is in the range of system accounts.
These accounts should be migrated into the "safe" zone above 1000!
As an alternative, you can change the default ranges in /etc/login.defs to
the old RHEL 6 values if you require this by your system setup settings.
Result for Incorrect usage of reserved UID/GIDs
Result: needs_inspection
Rule ID: xccdf_preupg_rule_usrmgmt_ReservedIDs_reservedids
Time: 2020-07-15 17:10
Reserved user and group IDs by setup package changed between the RHEL 6 and RHEL 7. This may in some cases cause the unfunctionality of your system after the migration. This check should mitigate the risks.
Remediation instructions
Packages may create system accounts with static ids based on the reservationin /usr/share/doc/setup-*/uidgid file. If you have some violations against the
uidgid file reservation, applications might not work properly or it may cause
some unexpected behaviour. As the reservations between releases of Red Hat
Enterprise Linux might differ, please check carefully findings bellow.
Especially cases when id reserved by some application is used by different
account are really important. Using different account then reserved might
cause interoperability issues.
Invalid gid used for games account - now 100, should be 20.
This may cause troubles when exact static user id is expected by some application.
Invalid uid used for tomcat account - now 91, should be 53.
This may cause troubles when exact static user id is expected by some application.
Invalid gid used for tomcat account - now 91, should be 53.
This may cause troubles when exact static user id is expected by some application.
Id 91 reserved for majordomo is used by tomcat
Account majordomo should be created by the package(s) majordomo. If you plan to use them on system, it may cause troubles as the account majordomo might not be created properly.
Id 91 reserved for majordomo is used by tomcat
Account majordomo should be created by the package(s) majordomo. If you plan to use them on system, it may cause troubles as the account majordomo might not be created properly.
These issues usually don't cause critical failures, but in rare cases can
contribute to some hard to analyze failures in the case that the system id
values are hard-coded in the application.
INFO distribution: Incorrect shell used for adm account - now /sbin/nologin, should be /bin/bash based on reservation data
WARNING distribution: Invalid gid used for games account - now 100, should be 20.
INFO distribution: Incorrect shell used for rpcuser account - now /sbin/nologin, should be /bin/false based on reservation data
INFO distribution: Incorrect homedir used for rpc account - now /var/cache/rpcbind, should be / based on reservation data
INFO distribution: Incorrect shell used for rpc account - now /sbin/nologin, should be /bin/false based on reservation data
INFO distribution: Incorrect shell used for apache account - now /sbin/nologin, should be /bin/false based on reservation data
WARNING distribution: Invalid uid used for tomcat account - now 91, should be 53.
WARNING distribution: Invalid gid used for tomcat account - now 91, should be 53.
INFO distribution: Incorrect homedir used for tomcat account - now /usr/share/tomcat6, should be /var/lib/tomcat based on reservation data
INFO distribution: Incorrect homedir used for webalizer account - now /var/www/usage, should be /var/www/html/usage based on reservation data
INFO distribution: Incorrect shell used for postfix account - now /sbin/nologin, should be /bin/true based on reservation data
WARNING distribution: Id 91 reserved for majordomo is used by tomcat
WARNING distribution: Id 91 reserved for majordomo is used by tomcat