Bug 1463853 - [RFE] RHV-M appliance should meet NIST 800-53 partitioning requirements
[RFE] RHV-M appliance should meet NIST 800-53 partitioning requirements
Status: ON_QA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: rhevm-appliance (Show other bugs)
4.1.2
Unspecified Linux
unspecified Severity high
: ovirt-4.2.0
: ---
Assigned To: Yuval Turgeman
Gonza
: FutureFeature
Depends On:
Blocks: 1502604
  Show dependency treegraph
 
Reported: 2017-06-21 20:10 EDT by Javier Coscia
Modified: 2017-10-30 09:30 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Previously, the partitioning scheme for the RHV-M Virtual Appliance included two primary partitions, "/" and swap. In this release, the disk partitioning scheme has been modified to match the scheme specified by NIST. The updated disk partitions are as follows: /boot 1G (primary) /home 1G (lvm) /tmp 2G (lvm) /var 20G (lvm) /var/log 10G (lvm) /var/log/audit 1G (lvm) swap 8G (lvm) / 6G (primary)
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Node
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
pstehlik: testing_plan_complete-


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 78926 master MERGED Build to meet NIST partitioning requirements 2017-08-01 07:54 EDT

  None (edit)
Description Javier Coscia 2017-06-21 20:10:23 EDT
Description of the problem:

Customers in public sector need to meet certain security layouts, one of them
is the requirement of having separate partitions for the following directories

/home
/tmp
/var
/var/log/audit

Version-Release number of selected component (if applicable):

RHV-M appliance > rhvm-appliance-20170619.0-1.x86_64.rhevm.ova
RPM > rhevm-appliance-20170616.0-1.el7ev.noarch.rpm

How reproducible:
100%

Note You need to log in before you can comment on or make changes to this bug.