Back to bug 2172264
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-02-21 19:05:55 UTC | Pool ID | sst_installer_rhel_9 | |
| Jan Stodola | 2023-02-22 15:21:40 UTC | CC | jcastran | |
| Link ID | Red Hat Knowledge Base (Solution) 6999291 | |||
| Pool ID | sst_installer_rhel_9 | sst_security_compliance_rhel_9 | ||
| CC | jstodola, mhaicman, wsato | |||
| Assignee | anaconda-maint-list | matyc | ||
| Component | anaconda | oscap-anaconda-addon | ||
| Red Hat One Jira (issues.redhat.com) | 2023-02-22 15:23:44 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-149684 | |
| Matěj Týč | 2023-03-13 16:58:56 UTC | Doc Type | If docs needed, set a value | Known Issue |
| RHEL Program Management | 2023-03-13 16:59:04 UTC | Keywords | Triaged | |
| Matěj Týč | 2023-03-13 17:18:41 UTC | Keywords | Triaged | |
| RHEL Program Management | 2023-03-13 17:18:51 UTC | Keywords | Triaged | |
| Jan Fiala | 2023-04-26 13:25:53 UTC | Docs Contact | jafiala | |
| CC | jafiala | |||
| Jan Fiala | 2023-04-26 15:20:02 UTC | Doc Text | .`oscap-anaconda-addon` sends error message for `tftp` When installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`), `oscap-anaconda-addon` sends the following error message: “package 'tftp' has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking the install”. To work around the problem, go back to Software Selection and uncheck the `Network Servers` additional software. | |
| Flags | needinfo?(matyc) | |||
| CC | matyc | |||
| Matěj Týč | 2023-04-26 15:35:11 UTC | Flags | needinfo?(matyc) | |
| Jan Fiala | 2023-04-28 09:17:57 UTC | Doc Text | .`oscap-anaconda-addon` sends error message for `tftp` When installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`), `oscap-anaconda-addon` sends the following error message: “package 'tftp' has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking the install”. To work around the problem, go back to Software Selection and uncheck the `Network Servers` additional software. | .`oscap-anaconda-addon` does not allow CIS hardening of systems with Network Servers package group When installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`) on systems with the Network Servers package group selected, `oscap-anaconda-addon` sends the following error message: “package `tftp` has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking the install”. To proceed with the installation, go back to Software Selection and uncheck the `Network Servers` additional software to allow the installation and hardening to finish. Then, install the required packages on the installed system. |
| Jan Fiala | 2023-05-02 09:28:47 UTC | Doc Text | .`oscap-anaconda-addon` does not allow CIS hardening of systems with Network Servers package group When installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`) on systems with the Network Servers package group selected, `oscap-anaconda-addon` sends the following error message: “package `tftp` has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking the install”. To proceed with the installation, go back to Software Selection and uncheck the `Network Servers` additional software to allow the installation and hardening to finish. Then, install the required packages on the installed system. | .`oscap-anaconda-addon` does not allow CIS hardening of systems with Network Servers package group When installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`) on systems with the Network Servers package group selected, `oscap-anaconda-addon` sends the following error message: “package `tftp` has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking the install”. To proceed with the installation, navigate back to Software Selection and uncheck the `Network Servers` additional software to allow the installation and hardening to finish. Then, install the required packages. |
| Release Test Team | 2023-05-02 10:45:57 UTC | Link ID | Red Hat Issue Tracker RTT-5279 | |
| Release Test Team | 2023-05-02 10:46:02 UTC | Link ID | Red Hat Issue Tracker RTT-5280 | |
| Jan Fiala | 2023-05-03 06:30:50 UTC | Doc Text | .`oscap-anaconda-addon` does not allow CIS hardening of systems with Network Servers package group When installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`) on systems with the Network Servers package group selected, `oscap-anaconda-addon` sends the following error message: “package `tftp` has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking the install”. To proceed with the installation, navigate back to Software Selection and uncheck the `Network Servers` additional software to allow the installation and hardening to finish. Then, install the required packages. | .`oscap-anaconda-addon` does not allow CIS hardening of systems with Network Servers package group When installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`) on systems with the Network Servers package group selected, `oscap-anaconda-addon` sends the error message `package tftp has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking the install`. To proceed with the installation, navigate back to Software Selection and uncheck the `Network Servers` additional software to allow the installation and hardening to finish. Then, install the required packages. |
| Jan Černý | 2023-07-18 09:40:13 UTC | CC | jcerny | |
| Status | NEW | POST | ||
| Matěj Týč | 2023-07-21 11:24:34 UTC | Status | POST | MODIFIED |
| Jan Stodola | 2023-08-01 15:11:35 UTC | Fixed In Version | oscap-anaconda-addon-2.0.0-17.el9 | |
| Flags | needinfo?(jafiala) | |||
| errata-xmlrpc | 2023-08-01 15:15:42 UTC | Status | MODIFIED | ON_QA |
| Jan Fiala | 2023-08-01 17:37:29 UTC | Doc Text | .`oscap-anaconda-addon` does not allow CIS hardening of systems with Network Servers package group When installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`) on systems with the Network Servers package group selected, `oscap-anaconda-addon` sends the error message `package tftp has been added to the list of excluded packages, but it can't be removed from the current software selection without breaking the install`. To proceed with the installation, navigate back to Software Selection and uncheck the `Network Servers` additional software to allow the installation and hardening to finish. Then, install the required packages. | .`oscap-anaconda-addon` can now harden Network Servers for CIS Previously, installing RHEL Network Servers with a CIS security profile (`cis`, `cis_server_l1`, `cis_workstation_l1`, or `cis_workstation_l2`) was not possible with the Network Servers package group selected. This problem is fixed by excluding the `tftp` package in `oscap-anaconda-addon-2.0.0-17.el9` provided with RHEL 9.3. As a consequence, you can install CIS-hardened RHEL Network Servers with the Network Servers package group. |
| Doc Type | Known Issue | Bug Fix | ||
| Flags | needinfo?(jafiala) | needinfo?(matyc) needinfo?(jstodola) | ||
| Jan Stodola | 2023-08-02 08:49:29 UTC | Flags | needinfo?(jstodola) | |
| Jan Stodola | 2023-08-04 10:56:59 UTC | Status | ON_QA | VERIFIED |
| Gabi Fialová | 2023-08-07 11:27:46 UTC | CC | gfialova | |
| Matěj Týč | 2023-08-09 13:15:22 UTC | Flags | needinfo?(matyc) |
Back to bug 2172264