<def-group>

{{%- set package_removed_test_id = "test_service_" + SERVICENAME + "_package_" + PACKAGENAME + "_removed" -%}}

{{% if init_system == "systemd" and target_oval_version >= [5, 11] %}}

  {{# we are using systemd and our target OVAL version does support the systemd related tests #}}

  <definition class="compliance" id="{{{ _RULE_ID }}}" version="1">
    {{{ oval_metadata("The " + SERVICENAME + " service should be disabled if possible.", affected_platforms=["multi_platform_all"]) }}}
    <criteria comment="package {{{ PACKAGENAME }}} removed or service {{{ SERVICENAME }}} is not configured to start" operator="OR">
      <criterion comment="{{{ PACKAGENAME }}} removed" test_ref="{{{ package_removed_test_id }}}" />
      <criteria operator="AND" comment="service {{{ SERVICENAME }}} is not configured to start">
        <criterion comment="{{{ SERVICENAME }}} is not running" test_ref="test_service_not_running_{{{ SERVICENAME }}}" />
        {{%- if MASK_SERVICE %}}
        <criterion comment="Property LoadState of service {{{ SERVICENAME }}} is masked" test_ref="test_service_loadstate_is_masked_{{{ SERVICENAME }}}" />
        <criterion comment="Property FragmentPath of service {{{ SERVICENAME }}} is set to /dev/null" test_ref="test_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" />
        {{%- else %}}
        <criterion comment="{{{ SERVICENAME }}} not wanted by multi-user.target" test_ref="test_{{{ SERVICENAME }}}_not_wanted_by_multi_user_target" />
        <criterion comment="{{{ SERVICENAME }}} socket not wanted by multi-user.target" test_ref="test_{{{ SERVICENAME }}}_socket_not_wanted_by_multi_user_target" />
        {{%- endif %}}
      </criteria>
    </criteria>
  </definition>

  <linux:systemdunitdependency_test check="all" check_existence="any_exist" comment="systemd test" id="test_{{{ SERVICENAME }}}_not_wanted_by_multi_user_target" version="1">
    <linux:object object_ref="object_multi_user_target_for_{{{ SERVICENAME }}}_disabled" />
    <linux:state state_ref="state_systemd_{{{ SERVICENAME }}}_off"/>
  </linux:systemdunitdependency_test>
  <linux:systemdunitdependency_object id="object_multi_user_target_for_{{{ SERVICENAME }}}_disabled" comment="list of dependencies of multi-user.target" version="1">
    <linux:unit>multi-user.target</linux:unit>
  </linux:systemdunitdependency_object>
  <linux:systemdunitdependency_state id="state_systemd_{{{ SERVICENAME }}}_off" comment="{{{ SERVICENAME }}} service is not listed in the dependencies" version="1">
    <linux:dependency entity_check="none satisfy">{{{ SERVICENAME }}}.service</linux:dependency>
  </linux:systemdunitdependency_state>

  <linux:systemdunitdependency_test check="all" check_existence="any_exist" comment="systemd test" id="test_{{{ SERVICENAME }}}_socket_not_wanted_by_multi_user_target" version="1">
    <linux:object object_ref="object_multi_user_target_for_{{{ SERVICENAME }}}_socket_disabled" />
    <linux:state state_ref="state_systemd_{{{ SERVICENAME }}}_socket_off"/>
  </linux:systemdunitdependency_test>
  <linux:systemdunitdependency_object id="object_multi_user_target_for_{{{ SERVICENAME }}}_socket_disabled" comment="list of dependencies of multi-user.target" version="1">
    <linux:unit>multi-user.target</linux:unit>
  </linux:systemdunitdependency_object>
  <linux:systemdunitdependency_state id="state_systemd_{{{ SERVICENAME }}}_socket_off" comment="{{{ SERVICENAME }}} socket is not listed in the dependencies" version="1">
    <linux:dependency entity_check="none satisfy">{{{ SERVICENAME }}}.socket</linux:dependency>
  </linux:systemdunitdependency_state>

  <linux:systemdunitproperty_test id="test_service_not_running_{{{ SERVICENAME }}}" check="all" check_existence="any_exist" comment="Test that the {{{ SERVICENAME }}} service is not running" version="1">
    <linux:object object_ref="obj_service_not_running_{{{ SERVICENAME }}}"/>
    <linux:state state_ref="state_service_not_running_{{{ SERVICENAME }}}"/>
  </linux:systemdunitproperty_test>
  <linux:systemdunitproperty_object id="obj_service_not_running_{{{ SERVICENAME }}}" comment="Retrieve the ActiveState property of {{{ SERVICENAME }}}" version="1">
    <linux:unit operation="pattern match">^{{{ SERVICENAME }}}\.(service|socket)$</linux:unit>
    <linux:property>ActiveState</linux:property>
  </linux:systemdunitproperty_object>
  <linux:systemdunitproperty_state id="state_service_not_running_{{{ SERVICENAME }}}" version="1" comment="{{{ SERVICENAME }}} is not running">
      <linux:value>inactive</linux:value>
  </linux:systemdunitproperty_state>
{{%- if MASK_SERVICE %}}
  <linux:systemdunitproperty_test id="test_service_loadstate_is_masked_{{{ SERVICENAME }}}" check="all" check_existence="any_exist" comment="Test that the property LoadState from the service {{{ SERVICENAME }}} is masked" version="1">
    <linux:object object_ref="obj_service_loadstate_is_masked_{{{ SERVICENAME }}}"/>
    <linux:state state_ref="state_service_loadstate_is_masked_{{{ SERVICENAME }}}"/>
  </linux:systemdunitproperty_test>
  <linux:systemdunitproperty_object id="obj_service_loadstate_is_masked_{{{ SERVICENAME }}}" comment="Retrieve the LoadState property of {{{ SERVICENAME }}}" version="1">
    <linux:unit operation="pattern match">^{{{ SERVICENAME }}}\.(service|socket)$</linux:unit>
    <linux:property>LoadState</linux:property>
  </linux:systemdunitproperty_object>
  <linux:systemdunitproperty_state id="state_service_loadstate_is_masked_{{{ SERVICENAME }}}" version="1" comment="LoadState is set to masked">
      <linux:value>masked</linux:value>
  </linux:systemdunitproperty_state>

  <linux:systemdunitproperty_test id="test_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" check="all" check_existence="any_exist" comment="Test that the property FragmentPath from the service {{{ SERVICENAME }}} is set to /dev/null" version="1">
    <linux:object object_ref="obj_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}"/>
    <linux:state state_ref="state_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}"/>
  </linux:systemdunitproperty_test>
  <linux:systemdunitproperty_object id="obj_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" comment="Retrieve the FragmentPath property of {{{ SERVICENAME }}}" version="1">
    <linux:unit operation="pattern match">^{{{ SERVICENAME }}}\.(service|socket)$</linux:unit>
    <linux:property>FragmentPath</linux:property>
  </linux:systemdunitproperty_object>
  <linux:systemdunitproperty_state id="state_service_fragmentpath_is_dev_null_{{{ SERVICENAME }}}" version="1" comment="FragmentPath is set to /dev/null">
      <linux:value>/dev/null</linux:value>
  </linux:systemdunitproperty_state>
{{%- endif %}}


{{% else %}}

  {{% if init_system != "systemd" %}}
  {{# we are not using systemd, it doesn't matter if we can or cannot use OVAL 5.11, let us just use the runlevel test #}}

  <definition class="compliance" id="{{{ _RULE_ID }}}"
  version="1">
    {{{ oval_metadata("The " + SERVICENAME + " service should be disabled if possible.", affected_platforms=["multi_platform_all"]) }}}
   <criteria comment="package {{{ PACKAGENAME }}} removed or service {{{ SERVICENAME }}} is not configured to start" operator="OR">
    <criterion comment="{{{ PACKAGENAME }}} removed" test_ref="{{{ package_removed_test_id }}}" />
    <criteria operator="AND" comment="service {{{ SERVICENAME }}} is not configured to start">
      <criterion comment="{{{ SERVICENAME }}} runlevel 0" test_ref="test_runlevel0_{{{ SERVICENAME }}}_off" />
      <criterion comment="{{{ SERVICENAME }}} runlevel 1" test_ref="test_runlevel1_{{{ SERVICENAME }}}_off" />
      <criterion comment="{{{ SERVICENAME }}} runlevel 2" test_ref="test_runlevel2_{{{ SERVICENAME }}}_off" />
      <criterion comment="{{{ SERVICENAME }}} runlevel 3" test_ref="test_runlevel3_{{{ SERVICENAME }}}_off" />
      <criterion comment="{{{ SERVICENAME }}} runlevel 4" test_ref="test_runlevel4_{{{ SERVICENAME }}}_off" />
      <criterion comment="{{{ SERVICENAME }}} runlevel 5" test_ref="test_runlevel5_{{{ SERVICENAME }}}_off" />
      <criterion comment="{{{ SERVICENAME }}} runlevel 6" test_ref="test_runlevel6_{{{ SERVICENAME }}}_off" />
    </criteria>
    </criteria>
  </definition>
  <unix:runlevel_test check="all" check_existence="any_exist"
  comment="Runlevel test" id="test_runlevel0_{{{ SERVICENAME }}}_off"
  version="2">
    <unix:object object_ref="obj_runlevel0_{{{ SERVICENAME }}}_off" />
    <unix:state state_ref="state_service_{{{ SERVICENAME }}}_off" />
  </unix:runlevel_test>
  <unix:runlevel_test check="all" check_existence="any_exist"
  comment="Runlevel test" id="test_runlevel1_{{{ SERVICENAME }}}_off"
  version="2">
    <unix:object object_ref="obj_runlevel1_{{{ SERVICENAME }}}_off" />
    <unix:state state_ref="state_service_{{{ SERVICENAME }}}_off" />
  </unix:runlevel_test>
  <unix:runlevel_test check="all" check_existence="any_exist"
  comment="Runlevel test" id="test_runlevel2_{{{ SERVICENAME }}}_off"
  version="2">
    <unix:object object_ref="obj_runlevel2_{{{ SERVICENAME }}}_off" />
    <unix:state state_ref="state_service_{{{ SERVICENAME }}}_off" />
  </unix:runlevel_test>
  <unix:runlevel_test check="all" check_existence="any_exist"
  comment="Runlevel test" id="test_runlevel3_{{{ SERVICENAME }}}_off"
  version="2">
    <unix:object object_ref="obj_runlevel3_{{{ SERVICENAME }}}_off" />
    <unix:state state_ref="state_service_{{{ SERVICENAME }}}_off" />
  </unix:runlevel_test>
  <unix:runlevel_test check="all" check_existence="any_exist"
  comment="Runlevel test" id="test_runlevel4_{{{ SERVICENAME }}}_off"
  version="2">
    <unix:object object_ref="obj_runlevel4_{{{ SERVICENAME }}}_off" />
    <unix:state state_ref="state_service_{{{ SERVICENAME }}}_off" />
  </unix:runlevel_test>
  <unix:runlevel_test check="all" check_existence="any_exist"
  comment="Runlevel test" id="test_runlevel5_{{{ SERVICENAME }}}_off"
  version="2">
    <unix:object object_ref="obj_runlevel5_{{{ SERVICENAME }}}_off" />
    <unix:state state_ref="state_service_{{{ SERVICENAME }}}_off" />
  </unix:runlevel_test>
  <unix:runlevel_test check="all" check_existence="any_exist"
  comment="Runlevel test" id="test_runlevel6_{{{ SERVICENAME }}}_off"
  version="2">
    <unix:object object_ref="obj_runlevel6_{{{ SERVICENAME }}}_off" />
    <unix:state state_ref="state_service_{{{ SERVICENAME }}}_off" />
  </unix:runlevel_test>
  <unix:runlevel_object id="obj_runlevel0_{{{ SERVICENAME }}}_off" version="1">
    <unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
    <unix:runlevel operation="equals">0</unix:runlevel>
  </unix:runlevel_object>
  <unix:runlevel_object id="obj_runlevel1_{{{ SERVICENAME }}}_off" version="1">
    <unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
    <unix:runlevel operation="equals">1</unix:runlevel>
  </unix:runlevel_object>
  <unix:runlevel_object id="obj_runlevel2_{{{ SERVICENAME }}}_off" version="1">
    <unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
    <unix:runlevel operation="equals">2</unix:runlevel>
  </unix:runlevel_object>
  <unix:runlevel_object id="obj_runlevel3_{{{ SERVICENAME }}}_off" version="1">
    <unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
    <unix:runlevel operation="equals">3</unix:runlevel>
  </unix:runlevel_object>
  <unix:runlevel_object id="obj_runlevel4_{{{ SERVICENAME }}}_off" version="1">
    <unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
    <unix:runlevel operation="equals">4</unix:runlevel>
  </unix:runlevel_object>
  <unix:runlevel_object id="obj_runlevel5_{{{ SERVICENAME }}}_off" version="1">
    <unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
    <unix:runlevel operation="equals">5</unix:runlevel>
  </unix:runlevel_object>
  <unix:runlevel_object id="obj_runlevel6_{{{ SERVICENAME }}}_off" version="1">
    <unix:service_name>{{{ SERVICENAME }}}</unix:service_name>
    <unix:runlevel operation="equals">6</unix:runlevel>
  </unix:runlevel_object>
  <unix:runlevel_state comment="not configured to start" id="state_service_{{{ SERVICENAME }}}_off" version="1">
    <unix:start datatype="boolean">false</unix:start>
    <unix:kill datatype="boolean">true</unix:kill>
  </unix:runlevel_state>

  {{% else %}}

  {{# fallback if we are using systemd but can't use the new systemd features of OVAL 5.11 #}}

  <definition class="compliance" id="{{{ _RULE_ID }}}" version="2">
    {{{ oval_metadata("The " + SERVICENAME + " service should be disabled if possible.", affected_platforms=["multi_platform_all"]) }}}
    <criteria comment="package {{{ PACKAGENAME }}} removed or service and socket {{{ SERVICENAME }}} are not configured to start" operator="OR">
      <criterion comment="{{{ PACKAGENAME }}} removed" test_ref="{{{ package_removed_test_id }}}" />
      <criteria operator="AND" comment="service and socket {{{ SERVICENAME }}} are disabled">
        <criterion comment="{{{ SERVICENAME }}} disabled in multi-user.target" test_ref="test_{{{ SERVICENAME }}}_disabled_multi_user_target" />
        <criterion comment="{{{ SERVICENAME }}} socket disabled in sockets.target" test_ref="test_{{{ SERVICENAME }}}_socket_disabled_sockets_target" />
      </criteria>
    </criteria>
  </definition>

  <unix:file_test check="all" check_existence="none_exist"
   comment="look for {{{ SERVICENAME }}}.service in /etc/systemd/system/multi-user.target.wants"
   id="test_{{{ SERVICENAME }}}_disabled_multi_user_target" version="1">
    <unix:object object_ref="object_{{{ SERVICENAME }}}_disabled_multi_user_target" />
  </unix:file_test>

  <unix:file_object comment="look for {{{ SERVICENAME }}}.service in /etc/systemd/system/multi-user.target.wants"
   id="object_{{{ SERVICENAME }}}_disabled_multi_user_target" version="1">
    <unix:filepath>/etc/systemd/system/multi-user.target.wants/{{{ SERVICENAME }}}.service</unix:filepath>
    <filter action="include">unit_{{{ SERVICENAME }}}_state_symlink</filter>
  </unix:file_object>

  <unix:file_test check="all" check_existence="none_exist"
   comment="look for {{{ SERVICENAME }}}.socket in /etc/systemd/system/sockets.target.wants"
   id="test_{{{ SERVICENAME }}}_socket_disabled_sockets_target" version="1">
    <unix:object object_ref="object_{{{ SERVICENAME }}}_socket_disabled_sockets_target" />
  </unix:file_test>

  <unix:file_object comment="look for {{{ SERVICENAME }}}.socket in /etc/systemd/system/sockets.target.wants"
   id="object_{{{ SERVICENAME }}}_socket_disabled_sockets_target" version="1">
    <unix:filepath>/etc/systemd/system/sockets.target.wants/{{{ SERVICENAME }}}.socket</unix:filepath>
    <filter action="include">unit_{{{ SERVICENAME }}}_state_symlink</filter>
  </unix:file_object>

  <unix:file_state id="unit_{{{ SERVICENAME }}}_state_symlink" version="1">
    <unix:type operation="equals">symbolic link</unix:type>
  </unix:file_state>

  {{% endif %}}

{{% endif %}}

{{{ oval_test_package_removed(package=PACKAGENAME, test_id=package_removed_test_id) }}}

</def-group>
