Hide Forgot
Description of problem: When using ospp kickstart shipped with scap-security-guide-0.1.30-3, remediation is actually so strict it makes the installed machine not usable. The only user created is the root, and ospp prevents root from logging in directly. Version-Release number of selected component (if applicable): scap-security-guide-0.1.30-3 How reproducible: reliably Steps to Reproduce: 1. install machine with /usr/share/scap-security-guide/kickstart/ssg-rhel7-ospp-ks.cfg Actual results: Root cannot be logged in with password "server", specified in the KS, no other user created Expected results: Some other user is created to be used to log into the machine. Additional info: Origins in Bug 1351751
Shawn, could you please confirm that this is a bug?
Upstream fix: https://github.com/OpenSCAP/scap-security-guide/pull/1969
Verified manually that kickstart ssg-rhel7-ospp-ks.cfg in ssg version scap-security-guide-0.1.33-4.el7.noarch creates user admin, is in wheel group [thus sudo-able] and has password admin123. There are two issues though: firewall is set to drop, thus SSG connection is not possible, and PAM hardening related to smartcard enablement prevets any user from login from console.
Issue with the PAM hardening is tracked separately in Bug 1461330 Apart from this issue, kickstart is working (see Comment 7).
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2064