Red Hat Bugzilla – Bug 1462944
SCAP Security Guide lacks Anaconda remediations for partitioning
Last modified: 2017-11-16 11:12:59 EST
Description of problem:
Quite a few profiles shipped within SSG require separate partitions for particular mountpoints. This should be checked by oscap-anaconda-addon and the user should be warned/forced to update partitioning to adhere to the profile selected.
This does not happen right now. Only in the C2S profile, the user is forced to separate the /tmp directory because of the rule "Add nodev Option to /tmp", which checks for the "nodev" mount option, and if /tmp is not a separate mountpoint, fails. I would expect the same behaviour triggered from rules checking partitioning separation of the mountpoints.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Boot Anaconda, select the C2S profile
2. Check the steps text field at the bottom of the oscap widget
Only /tmp is reported as not being configured properly
As C2S requires separate partitions for /home /tmp /var /var/log /var/log/audit, all of them should be reported as required.
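The gap described in this report can be checked against datastream content with a short script. This is an added example, not part of the original report and not code from SSG or oscap-anaconda-addon. It assumes the installer takes its partitioning requirements from "part" lines in XCCDF fix elements whose system is urn:redhat:anaconda:pre; the benchmark fragment and rule ids are constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

NS = "{http://checklists.nist.gov/xccdf/1.2}"
ANACONDA_FIX = "urn:redhat:anaconda:pre"  # assumption: installer-time fix system

# Mount points the report says C2S requires on separate partitions.
C2S_REQUIRED = ["/home", "/tmp", "/var", "/var/log", "/var/log/audit"]

# Constructed benchmark fragment (not real SSG content; rule ids hypothetical).
SAMPLE = """\
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2">
  <Rule id="mount_option_tmp_nodev">
    <fix system="urn:redhat:anaconda:pre">part /tmp --mountoptions="nodev"</fix>
  </Rule>
  <Rule id="partition_for_home"/>
  <Rule id="partition_for_tmp"/>
  <Rule id="partition_for_var"/>
  <Rule id="partition_for_var_log"/>
  <Rule id="partition_for_var_log_audit"/>
</Benchmark>
"""

def installer_mountpoints(root):
    """Mount points named by 'part' lines in installer-time fixes."""
    found = set()
    for fix in root.iter(NS + "fix"):
        if fix.get("system") != ANACONDA_FIX:
            continue
        for line in (fix.text or "").splitlines():
            words = shlex.split(line)
            if len(words) >= 2 and words[0] == "part":
                found.add(words[1])
    return found

def rules_without_installer_fix(root):
    """Ids of rules that carry no installer-time fix at all."""
    return sorted(
        rule.get("id") for rule in root.iter(NS + "Rule")
        if not any(f.get("system") == ANACONDA_FIX for f in rule.iter(NS + "fix"))
    )

def unenforced(root, required):
    """Required mount points that no installer-time fix asks for."""
    return sorted(set(required) - installer_mountpoints(root))

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    print("rules without installer fix:", rules_without_installer_fix(root))
    print("not enforced at install time:", unenforced(root, C2S_REQUIRED))
```

On the constructed fragment only /tmp is covered, and it is covered by the mount-option rule rather than by the partition rule, which matches the behaviour reported above.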