Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1826

[RFE] Check CPE applicabilities during annaconda plugin run

XMLWordPrintable

    • rhel-sst-security-compliance
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • None
    • None
    • Known Issue
    • Hide
      .RHV hypervisor may not work correctly when hardening the system during installation

      When installing Red Hat Virtualization Hypervisor (RHV-H) and applying the Red Hat Enterprise Linux 8 STIG profile, OSCAP Anaconda Add-on may harden the system as RHEL instead of RVH-H and remove essential packages for RHV-H. Consequently, the RHV hypervisor may not work. To work around the problem, install the RHV-H system without applying any profile hardening, and after the installation is complete, apply the profile by using OpenSCAP. As a result, the RHV hypervisor works correctly.
      Show
      .RHV hypervisor may not work correctly when hardening the system during installation When installing Red Hat Virtualization Hypervisor (RHV-H) and applying the Red Hat Enterprise Linux 8 STIG profile, OSCAP Anaconda Add-on may harden the system as RHEL instead of RVH-H and remove essential packages for RHV-H. Consequently, the RHV hypervisor may not work. To work around the problem, install the RHV-H system without applying any profile hardening, and after the installation is complete, apply the profile by using OpenSCAP. As a result, the RHV hypervisor works correctly.
    • Done
    • None

      Description of problem:
      scap-security-guide has a check for ovirt-host or ovirt-engine package,
      this prevents some packages, that RHV depends on, being removed.
      However this check does not seem to work in the plugin. In RHVH,
      which is image distributed by RHV, the packages are still deleted
      dispite ovirt-host being installed in that image.

              ekolesni Evgeny Kolesnikov
              amusil@redhat.com Ales Musil
              Matej Tyc Matej Tyc
              Release Test Team Release Test Team
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: