Bug 1654253 (RHV-H_4.3_STIG)
| Summary: | [RFE] STIG compliance for RHV-H | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Sandro Bonazzola <sbonazzo> |
| Component: | redhat-virtualization-host | Assignee: | Yuval Turgeman <yturgema> |
| Status: | CLOSED ERRATA | QA Contact: | Huijuan Zhao <huzhao> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 4.3.0 | CC: | cshao, huzhao, mtessun, nlevy, qiyuan, rdlugyhe, sbonazzo, weiwang, yaniwang, ycui, yturgema |
| Target Milestone: | ovirt-4.3.3 | Keywords: | FutureFeature, Tracking |
| Target Release: | 4.3.0 | Flags: | huzhao: testing_plan_complete+ |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Enhancement |
| Doc Text: | The current release presents the OpenSCAP security profile as an option to users installing and upgrading Red Hat Virtualization Hosts. This feature helps organizations comply with the Security Content Automation Protocol (SCAP) standards. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-05-08 12:32:19 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Node | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1634239 | | |
| Bug Blocks: | 1653669 | | |
| Attachments: | | | |

Description
Sandro Bonazzola
2018-11-28 10:29:04 UTC
Moving to 4.3.2 since the RHV-H profiles for STIG are not yet available.

Moving to 4.3.3 waiting on new profile to be ready.

Tested in rhvh-4.3.0.5-0.20190328.0, the RFE feature is available.

Test version:

```
# imgbase layout
rhvh-4.3.0.5-0.20190313.0
 +- rhvh-4.3.0.5-0.20190313.0+1
rhvh-4.3.0.5-0.20190328.0
 +- rhvh-4.3.0.5-0.20190328.0+1
```

Test steps:

1. Install rhvh-4.3.0.5-0.20190313.0, and choose the standard profile (xccdf_org.ssgproject.content_profile_standard) for "security policy" in Anaconda
2. Login rhvh, check the files in /var/lib/imgbased/openscap:

   ```
   # cat /var/lib/imgbased/openscap/config
   # ls -al /var/lib/imgbased/openscap/reports/
   ```
3. Upgrade rhvh to rhvh-4.3.0.5-0.20190328.0
4. Reboot and login rhvh-4.3.0.5-0.20190328.0, check the files in /var/lib/imgbased/openscap as step 2

Test results:

1. After step 2, no report file in /var/lib/imgbased/openscap/reports/

   ```
   # cat /var/lib/imgbased/openscap/config
   [openscap]
   configured = 1
   datastream = /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
   profile = xccdf_org.ssgproject.content_profile_standard
   ```
2. After step 4, there is scan report file in /var/lib/imgbased/openscap/reports/

   ```
   # ls -al /var/lib/imgbased/openscap/reports/
   total 648
   dr-xr-x---. 2 root root   4096 Mar 29 08:53 .
   dr-xr-x---. 3 root root   4096 Mar 29 08:08 ..
   -rw-r--r--. 1 root root 655358 Mar 29 08:33 scap-report-20190329083010.html
   ```

   Open the report file scap-report-20190329083010.html via browser, can see the detailed OpenSCAP Evaluation Report.

So this RFE is solved in rhvh-4.3.0.5-0.20190328.0, move the status to VERIFIED.

Created attachment 1549388 [details]
OpenSCAP Evaluation Report

Not enabled by default - the user can select the profile during installation (it's part of the anaconda installer). If the user selected a security profile during the initial installation, this profile is registered on the system and will be reapplied on upgrades automatically.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1053
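
The manual check from test steps 2 and 4 above, scripted as an added example (not part of the bug report or of imgbased): it reads the `[openscap]` config and names the newest scan report. The function names, the exit codes and the reading of the report name's digits as a sortable timestamp are assumptions of this example, and the demo directory is constructed sample data.

```shell
#!/bin/sh
# Added example: verify the imgbased OpenSCAP state described in the test steps.

# Print the value of key $2 from the [openscap] section of INI-style file $1.
ini_get() {
    awk -F' *= *' -v key="$2" '
        /^\[/ { in_sec = ($0 == "[openscap]"); next }
        in_sec && $1 == key { print $2; exit }
    ' "$1"
}

# Prints "<profile> <newest report>" and returns 0 when a profile is registered
# and a scan report exists. Returns 1 when no profile is registered and 2 when
# a profile is registered but no report has been written yet (the state the
# bug report shows before the upgrade).
check_openscap() {
    base="${1:-/var/lib/imgbased/openscap}"   # default path is the one on the page
    cfg="$base/config"
    [ -r "$cfg" ] || { echo "no config at $cfg" >&2; return 1; }
    [ "$(ini_get "$cfg" configured)" = "1" ] || { echo "not configured" >&2; return 1; }
    profile=$(ini_get "$cfg" profile)
    [ -n "$profile" ] || { echo "no profile in $cfg" >&2; return 1; }
    # Assumption: the digits in scap-report-<digits>.html are a timestamp,
    # so a lexical sort puts the newest report last.
    newest=$(ls "$base/reports" 2>/dev/null \
        | grep '^scap-report-[0-9]*\.html$' | sort | tail -n 1)
    [ -n "$newest" ] || { echo "profile $profile registered, no report yet" >&2; return 2; }
    echo "$profile $newest"
}

# Constructed sample state (not real host data) so the check runs offline.
demo=$(mktemp -d) && mkdir "$demo/reports"
cat > "$demo/config" <<'EOF'
[openscap]
configured = 1
datastream = /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
profile = xccdf_org.ssgproject.content_profile_standard
EOF
: > "$demo/reports/scap-report-20190329083010.html"
check_openscap "$demo"
rm -rf "$demo"
```

On a host, run `check_openscap` with no argument after each upgrade and treat exit code 2 as a signal that the registered profile was not re-evaluated.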