Cloned to RHEL 7.6 for tracking
+++ This bug was initially created as a clone of Bug #1634239 +++
Description of problem:
Install RHVH-4.2-20180919.3-RHVH-x86_64-dvd1.iso, there is no SCAP security guide on Anaconda security policy page.
No such issue with RHEL 7.6
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Install RHVH-4.2-20180919.3-RHVH-x86_64-dvd1.iso, open SECURITY POLICY page on Anaconda
There is no SCAP security guide.
SCAP security guide should be present when the security policy page is opened.
--- Additional comment from Yuval Turgeman on 2018-10-07 07:43:13 EDT ---
Looks like oscap-anaconda-addon has changed to search for its content according to the productName - it used to search for:
"/usr/share/xml/scap/ssg/content/ssg-rhel%s-ds.xml" % productVersion... which expands to ssg-rhel7-ds.xml and is available from scap-security-guide.
and now it searches for:
"/usr/share/xml/scap/ssg/content/ssg-%s%s-ds.xml" % (productName, productVersion..") which expands in RHVH to ssg-RHVH4-ds.xml and this doesn't exist in scap-security-guide.
This corresponds to upstream issues
- datastream is a term defined in the SCAP standard. It is a XML file that a SCAP scanner s.a. oscap is able to consume. Datastreams contain definitions / checks for various security rules, and if one wants to install a RHEL7 system, one needs a RHEL7 datastream. Typically, the filename of that datastream is ssg-rhel7-ds.xml, as this is the name that we use in the scap-security-guide package and that file should have been selected.
- The button is in the oscap "Security Policy" spoke.
- Those URLs were examples, position of s.a. is incorrect, but it may be any of those URLs or none of them - it just depends on where the datastream ends up.
- By content I meant the datastream. The datastream typically contains several applicable security profiles.
I would not omit those URL examples, as they may increase confidence about how those URLs should look like.
Next, I have realized that affected users may not be 100% certain concerning what a datastream is, so I would mention that they want to upload the ssh-rhel7-ds.xml file from the scap-security-guide package that is shipped in the corresponding version of RHEL7.
Excuse me, I forgot to reply to you. I approve the last version, thank for your work!
Hi Sharon, you are right - it is a package.