Bug 1462944 - SCAP Security Guide lacks Anaconda remediations for partitioning
SCAP Security Guide lacks Anaconda remediations for partitioning
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide (Show other bugs)
7.4
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Watson Yuuma Sato
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-19 13:58 EDT by Marek Haicman
Modified: 2017-11-16 11:12 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marek Haicman 2017-06-19 13:58:45 EDT
Description of problem:
Quite a few profiles shipped within SSG requires separate partitions for particular mountpoints. This should be checked by oscap-anaconda-addon and user should be warned/forced to update partitioning to adhere to the profile selected.

This does not happen right now. Only in C2S profile, user is forced to separate /tmp directory because of rule "Add nodev Option to /tmp" which checks for "nodev" mountoption, and if /tmp is not separate mountpoint, fails. I would expect the same behaviour triggered from rules checking partitioning separation of the mountpoints.

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.33-5.el7.noarch

How reproducible:
reliably

Steps to Reproduce:
1. boot anaconda, select profile C2S
2. check steps text field on the bottom of the oscap widget
3.

Actual results:
Only /tmp is reported as not being configured properly

Expected results:
As C2S requires separate partitions for /home /tmp /var /var/log /var/log/audit, all of them should be reported as required.

Additional info:

Note You need to log in before you can comment on or make changes to this bug.