Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-23852

CIS Server Level 1 installation can be started with "Server with GUI"

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-9.3.0
    • scap-security-guide
    • None
    • sst_security_compliance
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • None
    • None
    • Unspecified Release Note Type - Unknown
    • None

      What were you trying to do that didn't work?

      During manual installation, I've selected "CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server" in combination with "Server with GUI" package set and I was able to start the installation even though it shouldn't be possible.

      After few seconds after installation start, I got error:

       

       Problem 1: package gutenprint-cups-5.3.4-4.el9.x86_64 from AppStream requires cups, but none of the providers can be installed
  - conflicting requests
  - package cups-1:2.3.3op2-21.el9.x86_64 from AppStream is filtered out by exclude filtering
 Problem 2: package libsane-hpaio-3.21.2-6.el9.x86_64 from AppStream requires libavahi-core.so.7()(64bit), but none of the providers can be installed
  - cannot install the best candidate for the job
  - package avahi-0.8-15.el9.x86_64 from anaconda is filtered out by exclude filtering
 Problem 3: package avahi-tools-0.8-15.el9.x86_64 from AppStream requires avahi = 0.8-15.el9, but none of the providers can be installed
  - conflicting requests
  - package avahi-0.8-15.el9.i686 from anaconda is filtered out by exclude filtering
  - package avahi-0.8-15.el9.x86_64 from anaconda is filtered out by exclude filtering
 Problem 4: package pnm2ppa-1:1.04-52.el9.x86_64 from AppStream requires foomatic, but none of the providers can be installed
  - package foomatic-4.0.13-19.el9.x86_64 from AppStream requires cups, but none of the providers can be installed
  - conflicting requests
  - package cups-1:2.3.3op2-21.el9.x86_64 from AppStream is filtered out by exclude filtering

       

      The error is correct because CIS Server Level 1 wants to remove cups package but it's require by GUI package.

      Please provide the package NVR for which bug is seen:

      scap-security-guide-0.1.69-3.el9_3.noarch.rpm

      How reproducible:

      100%

      Steps to reproduce

      1. Start manual installation of RHEL9
      2. Select "CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server" security profile
      3. Select "Server with GUI" package set
      4. Configure require partitions
      5. Configure users
      6. Begin installation

      Expected results

      It shouldn't be possible to begin installation. And it should show similar warning (in "Security Profile" section) as, e.g. CIS Server Level 2 profile:

      package `xorg-x11-server-common` has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking installation.

      Actual results

      It's possible to start installation for CIS Server Level 1 + Server with GUI.

            vpolasek@redhat.com Vojtech Polasek
            mlysonek@redhat.com Milan Lysonek
            Vojtech Polasek Vojtech Polasek
            SSG Security QE SSG Security QE
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: