1836026 – Add pkgs required by STIG

Bug 1836026 - Add pkgs required by STIG

Summary: Add pkgs required by STIG

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-host
Sub Component:
Version:	4.4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	ovirt-4.4.1
Target Release:	4.4.1
Assignee:	Nir Levy
QA Contact:	Qin Yuan
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1829265 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-05-15 00:23 UTC by Qin Yuan
Modified:	2023-10-06 20:02 UTC (History)
CC List:	14 users (show)
Fixed In Version:	ovirt-host-4.4.1-4
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-08-04 16:22:45 UTC
oVirt Team:	Node
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHV-37135	None	None	None	2022-07-25 23:50:14 UTC
Red Hat Product Errata	RHEA-2020:3316	None	None	None	2020-08-04 16:22:58 UTC
oVirt gerrit	109641	master	MERGED	spec: changes for STIG hosts	2020-11-15 16:25:39 UTC

Description Qin Yuan 2020-05-15 00:23:41 UTC

Description of problem:
On RHVH 4.4, STIG security profile is requiring audispd-plugins, pcsc-lite, and opensc, but they are not included in rhvh image.

Version-Release number of selected component (if applicable):
RHVH-4.4-20200507.1-RHVH-x86_64-dvd1.iso

How reproducible:
100%

Steps to Reproduce:
1. Install RHVH-4.4-20200507.1-RHVH-x86_64-dvd1.iso
2. Select STIG security profile during installation
3. After first reboot, check if the required pkgs are installed.

Actual results:
1. tmux, openssh-server, aide are installed, but audispd-plugins, pcsc-lite, opensc are not.

Expected results:
1. All pkgs required by STIG should be installed.

Additional info:

Comment 1 Sandro Bonazzola 2020-05-19 08:01:43 UTC

pcsc-lite, opensc are smart card related. wsato can we avoid to require them in STIG profile for RHV-H?

Comment 2 Watson Yuuma Sato 2020-05-19 09:36:55 UTC

(In reply to Sandro Bonazzola from comment #1)
> pcsc-lite, opensc are smart card related. wsato can we avoid to require them
> in STIG profile for RHV-H?

Technically yes.
But at the requirement level Gabe Alford is the one who should answer.

Comment 3 ralford 2020-05-21 15:29:54 UTC

Since we are trying to create a STIG that we can submit to DISA, according to SRG-OS-000376-VMM-001520 smart card credentials are required for login. However if Gnome gets installed by one of these packages, we should fix that.

Comment 4 Sandro Bonazzola 2020-06-15 09:34:56 UTC

Adding the 3 packages changed the content of the image by:

Install  685 Packages -> 690 Packages
Total size: 403 M -> 405 M

So nothing against including the packages.

Comment 5 Sandro Bonazzola 2020-06-15 09:39:16 UTC

*** Bug 1829265 has been marked as a duplicate of this bug. ***

Comment 9 Qin Yuan 2020-06-23 01:06:04 UTC

Verified with:
RHVH-4.4-20200618.0-RHVH-x86_64-dvd1.iso

Steps:
1. Install RHVH, and select stig security profile
2. Check if required pkgs are installed

Results:
1. audispd-plugins, pcsc-lite, and opensc are all installed, the versions are:

audispd-plugins-3.0-0.17.20191104git1c2f876.el8.x86_64
pcsc-lite-1.8.23-3.el8.x86_64
opensc-0.19.0-7.el8.x86_64

Comment 11 errata-xmlrpc 2020-08-04 16:22:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (RHV Host (redhat-virtualization-host) 4.4), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:3316

Note You need to log in before you can comment on or make changes to this bug.