Bug 1462944

Summary: SCAP Security Guide lacks Anaconda remediations for partitioning
Product: Red Hat Enterprise Linux 7
Component: scap-security-guide
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Marek Haicman <mhaicman>
Assignee: Watson Yuuma Sato <wsato>
QA Contact: Marek Haicman <mhaicman>
CC: mhaicman, openscap-maint
Target Milestone: rc
Fixed In Version: scap-security-guide-0.1.39-1.el7
Doc Type: If docs needed, set a value
Last Closed: 2018-10-30 11:46:47 UTC
Type: Bug

Description Marek Haicman 2017-06-19 17:58:45 UTC
Description of problem:
Quite a few profiles shipped within SSG require separate partitions for particular mountpoints. This should be checked by oscap-anaconda-addon and the user should be warned/forced to update partitioning to adhere to the profile selected.

This does not happen right now. Only in the C2S profile, the user is forced to separate the /tmp directory because of the rule "Add nodev Option to /tmp", which checks for the "nodev" mount option and, if /tmp is not a separate mountpoint, fails. I would expect the same behaviour triggered from rules checking partitioning separation of the mountpoints.

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.33-5.el7.noarch

How reproducible:
reliably

Steps to Reproduce:
1. boot anaconda, select profile C2S
2. check steps text field on the bottom of the oscap widget
3.

Actual results:
Only /tmp is reported as not being configured properly

Expected results:
As C2S requires separate partitions for /home /tmp /var /var/log /var/log/audit, all of them should be reported as required.

Additional info:

Comment 1 Marek Haicman 2018-03-19 20:53:41 UTC
*** Bug 1313223 has been marked as a duplicate of this bug. ***

Comment 2 Marek Haicman 2018-03-23 18:28:09 UTC
Fixed upstream: https://github.com/OpenSCAP/scap-security-guide/pull/2679

Comment 4 Marek Haicman 2018-08-27 16:40:31 UTC
Version scap-security-guide-0.1.40-2.el7 requires these partitions to be separate for C2S profile (in anaconda):
/tmp
/var
/var/log/audit
/home
/var/log
/var/tmp

and unfortunately
/dev/cdrom
which is a bug and is tracked in Bug 1618840

Verified.
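
The separation requirement verified above can also be checked on an installed system. The following is an added example, not code from scap-security-guide or oscap-anaconda-addon: it parses mount-table text in `/proc/mounts` format and reports which of the C2S mount points listed in comment 4 have no entry of their own, plus the `nodev` option on /tmp mentioned in the description. The function names, the `--live` switch and the sample data are assumptions made for the example.

```python
import re
import sys

# Mount points the C2S profile requires to be separate, as listed in comment 4.
C2S_SEPARATE = ["/tmp", "/var", "/var/log/audit", "/home", "/var/log", "/var/tmp"]
# Options that must be present once the mount point exists (the nodev rule for /tmp).
C2S_OPTIONS = {"/tmp": {"nodev"}}

# Constructed sample in /proc/mounts format; not taken from a real system.
SAMPLE = r"""
/dev/mapper/rhel-root / xfs rw,relatime 0 0
/dev/mapper/rhel-tmp /tmp xfs rw,relatime 0 0
/dev/mapper/rhel-var /var xfs rw,nodev 0 0
/dev/mapper/rhel-home /home xfs rw,nodev 0 0
/dev/sdb1 /mnt/my\040disk ext4 rw 0 0
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes (\040 ...).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return {mount point: set of options}; a later entry for the same path wins."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[_unescape(fields[1])] = set(fields[3].split(","))
    return mounts

def audit(text, required=C2S_SEPARATE, options=C2S_OPTIONS):
    """Return (missing, weak): required paths with no mount entry of their own,
    and mounted paths that lack a required option."""
    mounts = parse_mounts(text)
    missing = [p for p in required if p not in mounts]
    weak = {p: sorted(need - mounts[p]) for p, need in options.items()
            if p in mounts and not need <= mounts[p]}
    return missing, weak

if __name__ == "__main__":
    # Pass --live to audit the running system instead of the sample.
    text = open("/proc/mounts").read() if "--live" in sys.argv[1:] else SAMPLE
    missing, weak = audit(text)
    for path in missing:
        print(f"FAIL {path}: not a separate mount point")
    for path, opts in weak.items():
        print(f"FAIL {path}: missing mount option(s) {','.join(opts)}")
    sys.exit(1 if missing or weak else 0)
```

A bind mount also appears as its own entry, so this is a mount-table check and not proof of a dedicated block device.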

Comment 6 errata-xmlrpc 2018-10-30 11:46:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3308