Bug 1634239 - No SCAP security guide on Anaconda security policy page
Summary: No SCAP security guide on Anaconda security policy page
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-node
Classification: oVirt
Component: Installation & Update
Version: 4.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ovirt-4.3.0
: ---
Assignee: Yuval Turgeman
QA Contact: Qin Yuan
URL:
Whiteboard:
Depends On:
Blocks: RHV-H_4.3_STIG
TreeView+ depends on / blocked
 
Reported: 2018-09-29 08:30 UTC by Qin Yuan
Modified: 2019-02-13 07:45 UTC (History)
11 users (show)

Fixed In Version: redhat-virtualization-host-productimg-4.3-0.0.el7
Doc Type: Bug Fix
Doc Text:
oscap-anaconda-addon was changed to read the datastream file based on the OS name and version. Consequently, the addon looks for a datastream file named "ssg-rhvh4-ds.xml," which does not exist, so no OSCAP profiles are shown. The relevant OSCAP profiles for RHVH reside in ssg-rhel7-ds.xml, so a symlink was added named ssg-rhvh4-ds.xml that references ssg-rhel7-ds.xml.
Clone Of:
: 1636847 (view as bug list)
Environment:
Last Closed: 2019-02-13 07:45:12 UTC
oVirt Team: Node
Embargoed:
rule-engine: ovirt-4.3+
cshao: testing_ack+

Attachments (Terms of Use)
security policy page screenshot (39.75 KB, image/png)
2018-09-29 08:30 UTC, Qin Yuan 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1636847 0 high CLOSED No SCAP security guide on Anaconda security policy page 2021-02-22 00:41:40 UTC
oVirt gerrit 96520 0 'None' MERGED stig: enable oscap addon in node-iso 2020-03-21 15:06:53 UTC
oVirt gerrit 96521 0 'None' MERGED stig: enable oscap addon in node-iso 2020-03-21 15:06:53 UTC

Internal Links: 1636847

Description Qin Yuan 2018-09-29 08:30:43 UTC 
Created attachment 1488316 [details]
security policy page screenshot

Description of problem:
Install RHVH-4.2-20180919.3-RHVH-x86_64-dvd1.iso, there is no SCAP security guide on Anaconda security policy page.
No such issue with RHEL 7.6

Version-Release number of selected component (if applicable):
RHVH-4.2-20180919.3-RHVH-x86_64-dvd1.iso

How reproducible:
100%

Steps to Reproduce:
1.Install RHVH-4.2-20180919.3-RHVH-x86_64-dvd1.iso, open SECURITY POLICY page on Anaconda

Actual results:
There is no SCAP security guide.

Expected results:
SCAP security guide should be present when the security policy page is opened.

Additional info:
Comment 1 Yuval Turgeman 2018-10-07 11:43:13 UTC 
Looks like oscap-anaconda-addon has changed to search for its content according to the productName - it used to search for:

"/usr/share/xml/scap/ssg/content/ssg-rhel%s-ds.xml" % productVersion... which expands to ssg-rhel7-ds.xml and is available from scap-security-guide.

and now it searches for:

"/usr/share/xml/scap/ssg/content/ssg-%s%s-ds.xml" % (productName, productVersion..")  which expands in RHVH to ssg-RHVH4-ds.xml and this doesn't exist in scap-security-guide.
Comment 4 Sandro Bonazzola 2018-10-10 15:13:10 UTC 
Let's workaround bug #1636847 and open a separate bug to remove the workaround once the fix will be available.
Comment 6 Qin Yuan 2018-12-12 10:34:50 UTC 
With RHVH-4.3-20181210.0-RHVH-x86_64-dvd1.iso, SCAP security guide is available now.
Comment 7 Sandro Bonazzola 2019-02-13 07:45:12 UTC 
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.
Note You need to log in before you can comment on or make changes to this bug.