Bug 1311230

Summary: RHEL 7.2 STIG/OSCAP partitions not applied during automatic partitions
Product: Red Hat Enterprise Linux 7 Reporter: Mike Tosh <michael.j.tosh>
Component: oscap-anaconda-addonAssignee: Vratislav Podzimek <vpodzime>
Status: CLOSED CANTFIX QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: openscap-maint, slukasik, vpodzime
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-24 06:34:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Mike Tosh 2016-02-23 16:31:13 UTC
Description of problem:
Attempting to perform new installs of RHEL7.2, and when choosing the "Pre-release Draft STIG for Redhat Linux 7 server", there is no automatic partitions created for /tmp, /home, /var, /var/log, or /var/log/audit.


Version-Release number of selected component (if applicable):
7.2


How reproducible:
Every time

Steps to Reproduce:
1. Select "Pre-release Draft STIG for Redhat Linux 7 server"
2. Select "Automatic Partitioning"
3. Select "Install"

Actual results:
Only / partition is created

Expected results:
Partitions are created for /, /tmp/, /home/, /var/, /var/log/, & /var/log/audit/

Additional info:
NOTE: This may be a problem with the delivered STIG not including the command to "fix" the partitioning, but not sure if the oscap anaconda addon would support it if it did.

Comment 2 Vratislav Podzimek 2016-02-24 06:34:54 UTC
Unfortunately, there's no way to create those partitions automatically because their sizes differ a lot with different use cases and storage configurations/setups/options.

Comment 3 Šimon Lukašík 2016-02-24 10:57:45 UTC
I think the idea here was to verify that user defines compliant partitioning. And the plug-in can suggest to user that the partitioning selected is not compliant.

There is that a documentation for that feature at

  http://www.open-scap.org/tools/oscap-anaconda-addon/doc/
  Section 2.1. Partitioning rules

The problem is however, that scap-security-guide/STIG does not contain these rules. Vratislav, do you think we should have a bug against scap-security-guide to supply these rules?

Comment 4 Vratislav Podzimek 2016-02-29 08:40:55 UTC
(In reply to Šimon Lukašík from comment #3)
> I think the idea here was to verify that user defines compliant
> partitioning. And the plug-in can suggest to user that the partitioning
> selected is not compliant.
> 
> There is that a documentation for that feature at
> 
>   http://www.open-scap.org/tools/oscap-anaconda-addon/doc/
>   Section 2.1. Partitioning rules
> 
> The problem is however, that scap-security-guide/STIG does not contain these
> rules. Vratislav, do you think we should have a bug against
> scap-security-guide to supply these rules?

Yes please, it would definitely make user experience better.