Bug 1378581
Summary: | ospp kickstart example too strict | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Marek Haicman <mhaicman> |
Component: | scap-security-guide | Assignee: | Watson Yuuma Sato <wsato> |
Status: | CLOSED ERRATA | QA Contact: | Marek Haicman <mhaicman> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.3 | CC: | mhaicman, mpreisle, openscap-maint, swells |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | scap-security-guide-0.1.33-1.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 12:23:38 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marek Haicman
2016-09-22 19:20:11 UTC
Shawn, could you please confirm that this is a bug? Verified manually that kickstart ssg-rhel7-ospp-ks.cfg in ssg version scap-security-guide-0.1.33-4.el7.noarch creates user admin, is in wheel group [thus sudo-able] and has password admin123. There are two issues though: firewall is set to drop, thus SSG connection is not possible, and PAM hardening related to smartcard enablement prevets any user from login from console. Issue with the PAM hardening is tracked separately in Bug 1461330 Apart from this issue, kickstart is working (see Comment 7). Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2064 |