Description of problem: On RHVH 4.4, STIG security profile is requiring audispd-plugins, pcsc-lite, and opensc, but they are not included in rhvh image. Version-Release number of selected component (if applicable): RHVH-4.4-20200507.1-RHVH-x86_64-dvd1.iso How reproducible: 100% Steps to Reproduce: 1. Install RHVH-4.4-20200507.1-RHVH-x86_64-dvd1.iso 2. Select STIG security profile during installation 3. After first reboot, check if the required pkgs are installed. Actual results: 1. tmux, openssh-server, aide are installed, but audispd-plugins, pcsc-lite, opensc are not. Expected results: 1. All pkgs required by STIG should be installed. Additional info:
pcsc-lite, opensc are smart card related. wsato can we avoid to require them in STIG profile for RHV-H?
(In reply to Sandro Bonazzola from comment #1) > pcsc-lite, opensc are smart card related. wsato can we avoid to require them > in STIG profile for RHV-H? Technically yes. But at the requirement level Gabe Alford is the one who should answer.
Since we are trying to create a STIG that we can submit to DISA, according to SRG-OS-000376-VMM-001520 smart card credentials are required for login. However if Gnome gets installed by one of these packages, we should fix that.
Adding the 3 packages changed the content of the image by: Install 685 Packages -> 690 Packages Total size: 403 M -> 405 M So nothing against including the packages.
*** Bug 1829265 has been marked as a duplicate of this bug. ***
Verified with: RHVH-4.4-20200618.0-RHVH-x86_64-dvd1.iso Steps: 1. Install RHVH, and select stig security profile 2. Check if required pkgs are installed Results: 1. audispd-plugins, pcsc-lite, and opensc are all installed, the versions are: audispd-plugins-3.0-0.17.20191104git1c2f876.el8.x86_64 pcsc-lite-1.8.23-3.el8.x86_64 opensc-0.19.0-7.el8.x86_64
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (RHV Host (redhat-virtualization-host) 4.4), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:3316