1598318 – Require SCAP in ovirt-host

Bug 1598318 - Require SCAP in ovirt-host

Summary: Require SCAP in ovirt-host

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-distribution
Classification:	oVirt
Component:	ovirt-host
Sub Component:
Version:	---
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ovirt-4.3.0
Target Release:	4.3.0
Assignee:	Sandro Bonazzola
QA Contact:	Pavol Brilla
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-07-05 06:27 UTC by Sandro Bonazzola
Modified:	2019-02-25 12:15 UTC (History)
CC List:	14 users (show)
Fixed In Version:	ovirt-host-4.3.0-0.1.beta, ovirt-release43-4.3.0_rc1
Doc Type:	Enhancement
Doc Text:	The openscap, openscap-utils and scap-security-guide packages have been added to RHVH in order to increase security hardening in RHVH deployments.
Clone Of:
Environment:
Last Closed:	2019-02-13 07:44:57 UTC
oVirt Team:	Integration
Embargoed:
Flags:	sbonazzo: ovirt-4.3? rule-engine: planning_ack? rule-engine: devel_ack+ lsvaty: testing_ack+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	92821	0	master	MERGED	packaging: node: move scap to ovirt-host	2021-01-27 10:41:37 UTC
oVirt gerrit	92822	0	master	MERGED	packaging: add scap packages	2021-01-27 10:41:37 UTC

Description Sandro Bonazzola 2018-07-05 06:27:25 UTC

We are requiring SCAP in oVirt Node, we want to make it available on hosts for hardening purpose.

Comment 1 Sandro Bonazzola 2018-08-14 16:15:00 UTC

Can be tested on master snapshot

Comment 2 Pavol Brilla 2018-08-27 08:24:23 UTC

# yum deplist ovirt-host | grep scap; yum list ovirt-host openscap* scap-security-guide

  dependency: openscap
   provider: openscap-1.2.17-1.fc28.i686
   provider: openscap-1.2.17-1.fc28.x86_64
  dependency: openscap-utils
   provider: openscap-utils-1.2.17-1.fc28.x86_64
  dependency: scap-security-guide
   provider: scap-security-guide-0.1.40-1.fc28.noarch
  dependency: openscap
   provider: openscap-1.2.17-1.fc28.i686
   provider: openscap-1.2.17-1.fc28.x86_64
  dependency: openscap-utils
   provider: openscap-utils-1.2.17-1.fc28.x86_64
  dependency: scap-security-guide
   provider: scap-security-guide-0.1.40-1.fc28.noarch

Installed Packages
openscap.x86_64                      1.2.17-1.fc28                                        @updates     
openscap-scanner.x86_64              1.2.17-1.fc28                                        @updates     
openscap-utils.x86_64                1.2.17-1.fc28                                        @updates     
ovirt-host.x86_64                    4.3.0-0.0.master.20180705071013.git7d4f97d.fc28      @ovirt-master
scap-security-guide.noarch           0.1.40-1.fc28                                        @updates

Comment 3 Sandro Bonazzola 2018-11-02 14:29:54 UTC

This bugzilla is included in oVirt 4.2.7 release, published on November 2nd 2018.

Since the problem described in this bug report should be
resolved in oVirt 4.2.7 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Comment 4 Sandro Bonazzola 2018-11-02 15:05:19 UTC

Closed by mistake, moving back to qa -> verified

Comment 5 Sandro Bonazzola 2019-02-13 07:44:57 UTC

This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

Comment 6 Steve Goodman 2019-02-20 15:07:39 UTC

Hey Pavol, Please review the doc text just to make sure I got it right. I wasn't sure what exactly was meant by "in order to help hardening" in the previous doc text.

OLD: The openscap, openscap-utils and scap-security-guide packages have been added to oVirt Node in order to help hardening the oVirt Node deployments.

NOW: The openscap, openscap-utils and scap-security-guide packages have been added to oVirt Node in order to increase security hardening in oVirt Node deployments.

Comment 7 Steve Goodman 2019-02-24 14:17:21 UTC

Actually, are we talking about RHVH here? It looks to me like oVirt Node is the upstream version of RHVH. So is this about oVirt Node or RHVH?

Comment 8 Sandro Bonazzola 2019-02-25 07:04:20 UTC

(In reply to Steve Goodman from comment #7)
> Actually, are we talking about RHVH here? It looks to me like oVirt Node is
> the upstream version of RHVH. So is this about oVirt Node or RHVH?

This applies to both oVirt Node and RHV-H being exactly RHV-H downstream of oVirt Node.

Comment 9 Steve Goodman 2019-02-25 12:15:30 UTC

Thanks, Sandro. doc_text updated to replace oVirt Node with RHVH. Since this is the release notes for RHV, I don't think it makes sense to mention oVirt Node here.

Note You need to log in before you can comment on or make changes to this bug.