Risk Factor: high (inhibitor)
Title: Unsupported vsftpd configuration
Summary: tcp_wrappers support has been removed in BCLinux8. Some configuration files set the tcp_wrappers option to true and there is some vsftpd-related configuration in /etc/hosts.deny or /etc/hosts.allow. Please migrate it manually. Firewalld can be used as a firewall level replacement for TCP Wrappers.The list of problematic configuration files:
    - /etc/vsftpd/vsftpd.conf
Key: 0edde684a9fc7731f765c7aad1acdbfc0b8078a8
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high (inhibitor)
Title: The pam_tally2 pam module(s) no longer available
Summary: The services system-auth-ac using PAM are configured to use pam_tally2 module(s), which is no longer available in Red Hat Enterprise Linux 8.
Remediation: [hint] If you depend on its functionality, it is recommended to migrate to pam_faillock. Otherwise please remove the pam module(s) from all the files under /etc/pam.d/.
Key: ce6abfb001da076686ffdd4ab61d28eb12d12569
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high (inhibitor)
Title: TCP Wrappers configuration affects some installed packages
Summary: tcp_wrappers support has been removed in BCLinux 8. There is some configuration affecting installed packages (namely audit, rpcbind, quota, nfs-utils) in /etc/hosts.deny or /etc/hosts.allow, which is no longer going to be effective after update. Firewalld can be used as a firewall level replacement for TCP Wrappers.Please migrate it manually.
Key: 80bfa2b5a317cdd7a88a8742f7447b8cb65d0848
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high
Title: Found some active modules not signed by bclinux, redhat or centos
Summary: The following active modules are not signed by bclinux, redhat or centos, please make sure they can be compat with new kernel:
- binfmt_misc
- iptable_filter
- vmw_vsock_vmci_transport
- vsock
- sb_edac
- iosf_mbi
- crc32_pclmul
- ghash_clmulni_intel
- aesni_intel
- lrw
- gf128mul
- glue_helper
- ppdev
- ablk_helper
- cryptd
- vmw_balloon
- joydev
- pcspkr
- sg
- parport_pc
- parport
- i2c_piix4
- vmw_vmci
- ip_tables
- xfs
- libcrc32c
- sr_mod
- cdrom
- sd_mod
- crc_t10dif
- crct10dif_generic
- ata_generic
- pata_acpi
- crct10dif_pclmul
- crct10dif_common
- crc32c_intel
- vmwgfx
- serio_raw
- drm_kms_helper
- syscopyarea
- ahci
- sysfillrect
- sysimgblt
- fb_sys_fops
- ttm
- libahci
- vmw_pvscsi
- vmxnet3
- drm
- ata_piix
- libata
- drm_panel_orientation_quirks
- nfit
- libnvdimm
- dm_mirror
- dm_region_hash
- dm_log
- dm_mod
Key: 0ff561a602a6fa300e3e5014e0287020394ccddf
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high
Title: systemd related configs have importand changes in new version
Summary: /etc/systemd/journal.conf import two options: SystemMaxFiles and RuntimeMaxFiles. These two options are used to limit the count of journal files, default is 100. So in BCLinux8, the default journal files will be 100, and the journal files olderthan 100 will be removed, thus system logs will be lost when os has large number of logs.
/etc/systemd/journal.conf move option ForwordToSyslog from yes to no by default, this means that logs recevied by journal are no longer forwarded to syslog by default, BCLinux8 use rsyslog by default and rsyslog reads directly journal data.
/etc/systemd/system.conf rename CrashChVT to CrashChangeVT, the old options are still compatible, but the valut meaning of CrashChangeVT has changed. BCLinux7 accepts int type parameters, where a positive number represents the virtual terminal corresponding to this number when systemd crashes, such as /dev/tty1, and a zero or negative number indicates that systemd does not switch virtual terminals when systemd crashes. In bclinux8, it accepts positive or bool type parameters, but it is still compatible with the old parameter types. A positive number means that systemd will switch to the virtual terminal corresponding to this number when a crash occurs. A negative number /0/no/n/false/f/off means that systemd will not switch the virtual terminal when a crash occurs. The yes/y/true/t/on parameter represents the virtual terminal that switches to the kernel log printing when systemd crashes. The value of this parameter changes from 1 to no before and after the switch, indicating that the terminal will not be switched when systemd crashes.
/etc/systemd/system.conf configuration option DefaultTasksMax changes: There is no limit by default in bclinux7. In bclinux8.2, the number of threads that each service can have is min (kernel.pid_max, kernel.threads-max, pids.max of root-cgroup) * 80% by default.

Key: f77a08e99af1a1b39188c31c3763c635135d8dbb
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high
Title: Some important changes about glibc
Summary: The GLIBC version of BCLinux8 is 2.28. This version no longer supports nss related modules, no longer providing libnss_nis.so, libnss_nisplus.so. 
/etc/nsswitch.conf deletes all configurations related to nis. The fast cache mechanism provided by the sssd can enhance the parsing performance of user and groups, /etc/nsswitch.conf defaults to set the preferences for passwd and group for sss.
All code that relies and uses the nis module requires rectification, you can use tirpc instead.
Key: 4a827ef2a5b9e218369ef2ce0f383ff05f8ffb86
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high
Title: GRUB core will be updated during upgrade
Summary: On legacy (BIOS) systems, GRUB core (located in the gap between the MBR and the first partition) does not get automatically updated when GRUB is upgraded.
Key: baa75fad370c42fd037481909201cde9495dacf4
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high
Title: Difference in Python versions and support in BCLinux 8
Summary: In BCLinux 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages.
Remediation: [hint] Please run "alternatives --set python /usr/bin/python3" after upgrade
Key: a279aa0fd9e4504734717fdaa9df48a5e739697d
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high
Title: Packages not signed by Red Hat found on the system
Summary: The following packages have not been signed by Red Hat and may be removed during the upgrade process in case Red Hat-signed packages to be removed during the upgrade depend on them:
- nmon
- openssh
- openssh-clients
- openssh-server
Key: 13f0791ae5f19f50e7d0d606fb6501f91b1efb2c
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: high
Title: openssl ciphers have import changes between 1.0.2 and 1.1.1
Summary: BCLinux8 will introduce openssl 1.1.1, openssl-1.1.1 remove some ciphers which are default enabled on openssl-1.0.2, these ciphers are:
DH-DSS-AES256-GCM-SHA384
DH-RSA-AES256-GCM-SHA384
DH-RSA-AES256-SHA256
DH-DSS-AES256-SHA256
DH-RSA-AES256-SHA
DH-DSS-AES256-SHA
DH-RSA-CAMELLIA256-SHA
DH-DSS-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
DH-DSS-AES128-GCM-SHA256
DH-RSA-AES128-GCM-SHA256
DH-RSA-AES128-SHA256
DH-DSS-AES128-SHA256
DH-RSA-AES128-SHA
DH-DSS-AES128-SHA
DH-RSA-SEED-SHA
DH-DSS-SEED-SHA
DH-RSA-CAMELLIA128-SHA
DH-DSS-CAMELLIA128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
DH-RSA-DES-CBC3-SHA
DH-DSS-DES-CBC3-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-ECDSA-DES-CBC3-SHA
KRB5-IDEA-CBC-SHA
KRB5-DES-CBC3-SHA
KRB5-IDEA-CBC-MD5
KRB5-DES-CBC3-MD5
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA
RC4-MD5
KRB5-RC4-SHA
KRB5-RC4-MD5
Remediation: [hint] Please make sure your application do not use these ciphers and modify to use other ciphers.
Key: bf75fb7983c69074993888215d35600da270353b
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: medium
Title: Module pam_pkcs11 will be removed from PAM configuration
Summary: Module pam_pkcs11 was surpassed by SSSD and therefore it was removed from BCLinux-8. Keeping it in PAM configuration may lock out the system thus it will be automatically removed from PAM configuration before upgrading to BCLinux-8. Please switch to SSSD to recover the functionality of pam_pkcs11.
Remediation: [hint] Configure SSSD to replace pam_pkcs11
Key: bf47e7305d6805e8bbeaa7593cf01e38030c23f3
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: medium
Title: chrony using default configuration
Summary: default chrony configuration in BCLinux8 uses leapsectz directive, which cannot be used with leap smearing NTP servers, and uses a single pool directive instead of four server directives
Key: c4222ebd18730a76f6bc7b3b66df898b106e6554
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: low
Title: Grep has incompatible changes in the next major version
Summary: If a file contains data improperly encoded for the current locale, and this is discovered before any of the file's contents are output, grep now treats the file as binary.
The 'grep -P' no longer reports an error and exits when given invalid UTF-8 data. Instead, it considers the data to be non-matching.
In locales with multibyte character encodings other than UTF-8, grep -P now reports an error and exits instead of misbehaving.
When searching binary data, grep now may treat non-text bytes as line terminators. This can boost performance significantly.
The 'grep -z' no longer automatically treats the byte '\200' as binary data.
Context no longer excludes selected lines omitted because of -m. For example, 'grep "^" -m1 -A1' now outputs the first two input lines, not just the first line.

Remediation: [hint] Please update your scripts to be compatible with the changes.
Key: 94665a499e2eeee35eca3e7093a7abe183384b16
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: low
Title: man-db.cron is not enabled by default
Summary: BCLinux8 move /etc/cron.d/man-db.cron from man-db to man-db-cron, man-db.cron is used to periodic update of man-db cache, if you need this feature, please instal man-db-cron.
Key: b17537db9c42ff141519da3d12da11af02270a98
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: low
Title: sysvinit-tools is replaced by util-linux and procps-ng
Summary: In BCLinux 8, sysvinit-tools is removed, sysvinit-tools contains the following commands: last, lastb, mesg, wall, pidof and killall5. In BCLinux 8 system, last, lastb, mesg and wall are provided by util-linux, pidof is provided by procps-ng.
Killall5 is a systemV command, the BCLinux 7 / BCLinux 8 are now based on systemd. In addition, pidof provided by sysvinit-tools is actually a soft link to killall5. In BCLinux 8, pidof is provided by procps-ng instead. So, sysvinit-tools in BCLinux 8 is replaced by util-linux and procps-ng. 
Key: a1e45711615f14f4df19143de10b2208a5f0b9a3
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: low
Title: Postfix has incompatible changes in the next major version
Summary: Postfix 3.x has so called "compatibility safety net" that runs Postfix programs with backwards-compatible default settings. It will log a warning whenever backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net.
The backward compatibility safety net is by default turned off in Red Hat Enterprise Linux 8.
It can be turned on by running:  "postconf -e compatibility_level=0
It can be turned off by running: "postconf -e compatibility_level=2

In the Postfix MySQL database client, the default "option_group" value has changed to "client", i.e. it now reads options from the [client] group from the MySQL configuration file. To disable it, set "option_group" to the empty string.

The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment.

Postfix 3.2 enables elliptic curve negotiation. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter "tls_eecdh_auto_curves" with the names of curves that may be negotiated.

The "master.cf" chroot default value has changed from "y" (yes) to "n" (no). This applies to master.cf services where chroot field is not explicitly specified.

The "append_dot_mydomain" default value has changed from "yes" to "no". You may need changing it to "yes" if senders cannot use complete domain names in e-mail addresses.

The "relay_domains" default value has changed from "$mydestination" to the empty value. This could result in unexpected "Relay access denied" errors or ETRN errors, because now will postfix by default relay only for the localhost.

The "mynetworks_style" default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could result in unexpected "access denied" errors, because postfix will now by default trust only the local machine, not the remote SMTP clients on the same IP subnetwork.

Postfix now supports dynamically loaded database plugins. Plugins are shipped in individual RPM sub-packages. Correct database plugins have to be installed, otherwise the specific database client will not work. For example for PostgreSQL map to work, the postfix-pgsql RPM package has to be installed.

Key: 5721e0a07a67d82cf7e5ea6f17662cd4f82e0a33
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: low
Title: audispd is moved from audit to audispd-plugins
Summary: In BCLinux8, audispd related files is moved to audispd-plugins package, and audispd-plugins is not installed by default, if you want to use audispd, please install audispd-plugins.
Key: 644c880c9bb477a6df0d9a175d23d9f575248d05
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: low
Title: Some enabled RPM repositories are unknown to Leapp
Summary: The following repositories with Red Hat-signed packages are unknown to Leapp:
- sys
- redhat7.6
And the following packages installed from those repositories may not be upgraded:
- python-chardet
- keyutils
- pcre-devel
- python2-libcomps
- libcomps
- tcp_wrappers
- dnf-data
- libtirpc
- libmpc
- rpcbind
- mtools
- libyaml
- libmodulemd
- python-enum34
- glibc-devel
- gcc
- dnf
- libref_array
- gssproxy
- libnfsidmap
- checkpolicy
- openssl-devel
- policycoreutils-python
- libselinux-devel
- quota-nls
- libcgroup
- python3
- python3-pip
- libsepol-devel
- libverto-libevent
- tcpdump
- python-IPy
- python2-dnf
- kernel-headers
- setools-libs
- unzip
- traceroute
- bc
- python-deltarpm
- createrepo
- quota
- python3-libs
- libdnf
- python-urllib3
- libverto-devel
- syslinux
- telnet
- nfs-utils
- libreport-filesystem
- libevent
- libbasicobjects
- wget
- librepo
- glibc-headers
- libcom_err-devel
- rear
- attr
- zlib-devel
- krb5-devel
- audit-libs-python
- libsolv
- python2-hawkey
- deltarpm
- libusal
- libpath_utils
- python-requests
- python2-libdnf
- libkadm5
- genisoimage
- vsftpd
- libpcap
- keyutils-libs-devel
- cpp
- python3-setuptools
- mpfr
- libcollection
- libsemanage-python
- pam-devel
- libini_config
Remediation: [hint] You can file a request to add this repository to the scope of in-place upgrades by filing a support ticket
Key: 8e89e20c645cea600b240156071d81c64daab7ad
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: info
Title: SElinux disabled
Summary: SElinux disabled, continuing...
Key: 4f25fea9b15b9d1d07d52cc1de02073f295dac3d
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------
Risk Factor: info
Title: Current PAM and nsswitch.conf configuration will be kept.
Summary: There is a new tool called authselect in BCLinux8 that replaced authconfig. The upgrade process was unable to find an authselect profile that would be equivalent to your current configuration. Therefore your configuration will be left intact.
Key: 40c4ab1da4a30dc1ca40e543f6385e1336d8810c
ExternalLink: [Anolis OS Migration System(AOMS) Knowledge Base, visit it and query the content by the given Key] https://www.yuque.com/anolis-docs/kbase/gk90ag
----------------------------------------