Back to bug 1834716
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2020-05-12 09:38:01 UTC | Pool ID | sst_platform_security_rhel_8 | |
| Matěj Týč | 2020-05-12 09:40:51 UTC | Depends On | 1828871 | |
| Matus Marhefka | 2020-05-21 12:57:59 UTC | Doc Text | Cause: During the installation, the scanner may incorrectly deduce whether to apply remediations to disable/enable of services. Consequence: Some services on the installed system may set to a non-compliant state after the installation. Workaround (if any): Run a scan and remediation right after the installation. Result: The scan and remediation of the freshly-installed system will fix all of the remaining service-related issues. | |
| Doc Type | If docs needed, set a value | Known Issue | ||
| Matus Marhefka | 2020-06-09 11:42:33 UTC | Summary | Remediating rules using service_disabled template after CIS Server with GUI Kickstart installation does not work as expected | Remediating rules using service_disabled template during kickstart installation does not work as expected |
| Nikos Mavrogiannopoulos | 2020-08-10 12:09:33 UTC | Pool ID | sst_platform_security_rhel_8 | sst_security_compliance_rhel_8 |
| Lucie Vařáková | 2020-09-25 11:39:37 UTC | CC | lmanasko | |
| Docs Contact | mjahoda | |||
| Khushbu Borole | 2020-10-07 12:23:40 UTC | CC | kborole | |
| Docs Contact | mjahoda | kborole | ||
| Khushbu Borole | 2020-10-08 12:07:53 UTC | Flags | needinfo?(matyc) | |
| Khushbu Borole | 2020-10-09 07:23:04 UTC | Doc Text | Cause: During the installation, the scanner may incorrectly deduce whether to apply remediations to disable/enable of services. Consequence: Some services on the installed system may set to a non-compliant state after the installation. Workaround (if any): Run a scan and remediation right after the installation. Result: The scan and remediation of the freshly-installed system will fix all of the remaining service-related issues. | .Remediating service related rules during kickstart installation does not work as expected During the kickstart installation, the OpenSCAP scanner sometimes incorrectly assumes that a service `enable` or `disable` state remediation is not needed. Consequently, sometimes this can lead the services on the installed system to set a non-compliant state. As a workaround, you can scan and remediate the system after the kickstart installation, this will fix the service related issues and work as expected. |
| Flags | needinfo?(matyc) | |||
| Khushbu Borole | 2020-10-12 05:25:12 UTC | Doc Text | .Remediating service related rules during kickstart installation does not work as expected During the kickstart installation, the OpenSCAP scanner sometimes incorrectly assumes that a service `enable` or `disable` state remediation is not needed. Consequently, sometimes this can lead the services on the installed system to set a non-compliant state. As a workaround, you can scan and remediate the system after the kickstart installation, this will fix the service related issues and work as expected. | .Remediating service-related rules during kickstart installations might fail During a kickstart installation, the OpenSCAP utility sometimes incorrectly shows that a service `enable` or `disable` state remediation is not needed. Consequently, OpenSCAP might set the services on the installed system to a non-compliant state. As a workaround, you can scan and remediate the system after the kickstart installation. This will fix the service-related issues. |
| Red Hat One Jira (issues.redhat.com) | 2020-10-15 13:30:26 UTC | Link ID | Red Hat Issue Tracker - Private RHELPLAN-44202 | |
| Red Hat One Jira (issues.redhat.com) | 2020-11-14 04:37:47 UTC | Link ID | Red Hat Issue Tracker - Private OPENSCAP-1752 | |
| Red Hat One Jira (issues.redhat.com) | 2021-01-19 19:47:17 UTC | Link ID | Red Hat Issue Tracker - Private OPENSCAP-1752 | |
| Lucie Cervakova | 2021-01-19 19:50:56 UTC | CC | lcervako | |
| Red Hat One Jira (issues.redhat.com) | 2021-01-19 19:52:28 UTC | Link ID | Red Hat Issue Tracker - Private OPENSCAP-1752 | |
| Lucie Cervakova | 2021-01-19 20:26:03 UTC | Link ID | Red Hat Issue Tracker - Private OPENSCAP-1752 | |
| Lucie Cervakova | 2021-01-19 20:27:31 UTC | CC | lcervako | |
| Milan Lysonek | 2021-08-31 11:40:46 UTC | Blocks | 1999587 | |
| RHEL Program Management | 2021-11-12 07:27:09 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2021-11-12 07:27:09 UTC | |||
| Matěj Týč | 2022-01-18 10:21:01 UTC | Doc Type | Known Issue | Bug Fix |
| Resolution | WONTFIX | --- | ||
| Status | CLOSED | ASSIGNED | ||
| Depends On | 2041781 | |||
| Keywords | Reopened | |||
| Matěj Týč | 2022-03-07 14:42:33 UTC | Status | ASSIGNED | POST |
| Jan Stodola | 2022-03-08 14:47:28 UTC | CC | jstodola | |
| Flags | needinfo?(matyc) | |||
| Matěj Týč | 2022-03-08 15:31:14 UTC | Flags | needinfo?(matyc) | |
| Release Test Team | 2022-03-18 16:42:46 UTC | Link ID | Red Hat Issue Tracker RTT-4329 | |
| Release Test Team | 2022-03-18 16:42:51 UTC | Link ID | Red Hat Issue Tracker RTT-4330 | |
| Matěj Týč | 2022-03-23 16:28:58 UTC | Fixed In Version | oscap-anaconda-addon-1.2.1-6.el8 | |
| Status | POST | MODIFIED | ||
| Gabi Fialová | 2022-03-29 08:12:51 UTC | CC | gfialova | |
| Flags | needinfo?(kborole) | |||
| Khushbu Borole | 2022-03-29 08:28:48 UTC | Flags | needinfo?(kborole) | |
| Doc Type | Bug Fix | Known Issue | ||
| Release Test Team | 2022-04-01 12:52:16 UTC | Link ID | Red Hat Issue Tracker RTT-4357 | |
| Alois Mahdal | 2022-04-22 07:00:00 UTC | CC | amahdal | |
| errata-xmlrpc | 2022-04-22 07:01:15 UTC | Status | MODIFIED | ON_QA |
| Jan Stodola | 2022-04-25 08:51:12 UTC | Flags | needinfo?(matyc) | |
| Matěj Týč | 2022-04-26 14:42:29 UTC | Doc Text | .Remediating service-related rules during kickstart installations might fail During a kickstart installation, the OpenSCAP utility sometimes incorrectly shows that a service `enable` or `disable` state remediation is not needed. Consequently, OpenSCAP might set the services on the installed system to a non-compliant state. As a workaround, you can scan and remediate the system after the kickstart installation. This will fix the service-related issues. | Remediation of rules that are based on services being either disabled or enabled is no longer unreliable. The installer now schedules the last part of the remediation to the installed system's first boot, and state of services can be therefore detected reliably. Note: The firstboot remediation is a feature in itself: https://bugzilla.redhat.com/show_bug.cgi?id=2063179 Formerly a Known Issue: .Remediating service-related rules during kickstart installations might fail During a kickstart installation, the OpenSCAP utility sometimes incorrectly shows that a service `enable` or `disable` state remediation is not needed. Consequently, OpenSCAP might set the services on the installed system to a non-compliant state. As a workaround, you can scan and remediate the system after the kickstart installation. This will fix the service-related issues. |
| Flags | needinfo?(matyc) | |||
| Doc Type | Known Issue | Bug Fix | ||
| Jan Stodola | 2022-04-27 14:04:46 UTC | Status | ON_QA | VERIFIED |
| Gabi Fialová | 2022-05-02 13:55:17 UTC | Flags | needinfo?(kborole) | |
| Khushbu Borole | 2022-05-04 12:08:15 UTC | Doc Type | Bug Fix | Known Issue |
| Flags | needinfo?(kborole) | |||
| Doc Text | Remediation of rules that are based on services being either disabled or enabled is no longer unreliable. The installer now schedules the last part of the remediation to the installed system's first boot, and state of services can be therefore detected reliably. Note: The firstboot remediation is a feature in itself: https://bugzilla.redhat.com/show_bug.cgi?id=2063179 Formerly a Known Issue: .Remediating service-related rules during kickstart installations might fail During a kickstart installation, the OpenSCAP utility sometimes incorrectly shows that a service `enable` or `disable` state remediation is not needed. Consequently, OpenSCAP might set the services on the installed system to a non-compliant state. As a workaround, you can scan and remediate the system after the kickstart installation. This will fix the service-related issues. | .Remediating service-related rules during kickstart installations might fail During a kickstart installation, the OpenSCAP utility sometimes incorrectly shows that a service `enable` or `disable` state remediation is not needed. Consequently, OpenSCAP might set the services on the installed system to a non-compliant state. As a workaround, you can scan and remediate the system after the kickstart installation. This will fix the service-related issues. |
||
| Matěj Týč | 2022-06-20 14:53:59 UTC | Status | VERIFIED | NEW |
| Red Hat Bugzilla | 2022-06-30 22:49:42 UTC | CC | amahdal | |
| RHEL Program Management | 2022-07-25 07:28:05 UTC | Status | NEW | CLOSED |
| Resolution | --- | WONTFIX | ||
| Last Closed | 2021-11-12 07:27:09 UTC | 2022-07-25 07:28:05 UTC | ||
| Gabi Fialová | 2022-07-26 13:48:10 UTC | CC | gfialova |
Back to bug 1834716