Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1514227

Summary: [RFE] Add OSCAP Anaconda Addon to Fedora anaconda
Product: [Fedora] Fedora Reporter: ralford
Component: oscap-anaconda-addonAssignee: Vratislav Podzimek <v.podzimek+fedora>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: anaconda-maint-list, jkonecny, jonathan, kellin, vanmeeuwen+fedora, vponcova, wwoods
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description ralford 2017-11-16 21:17:35 UTC
Description of problem:
Fedora lacks the OSCAP Anaconda Addon in Anaconda that is capable of hardening the OS on install. There are many users of Fedora that need and/or would like for this capability to exist as it does downstream. There are labs and other organizations who are Fedora users that have security hardening requirements that having this addon in Fedora by default would go a long way in making Fedora an even better user experience for them.

Also, Fedora atomic is also starting to make changes to meet NIST partitioning recommendations as well as potentially expanding to further hardening their images. Atomic needs OSCAP Anaconda Addon to be able to validate as well as harden atomic images.

In addition, this allows bugs to be discovered and addressed faster and directly upstream rather than dealing with them downstream. Make the addon better and more stable for all users.

This will also support the planned additional Fedora security profiles that will be added.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install Fedora either Anaconda GUI or kickstart

Actual results:

Expected results:
Ability to harden a system with OSCAP Anaconda Addon

Additional info:

Comment 1 Jiri Konecny 2017-11-20 08:47:11 UTC
I like your RFC but it's not choice of Anaconda installer. It is on the Fedora versions to add this addon to their product. I would guess this could be useful for Fedora Server and Fedora Atomic.

However, the main problem is that oscap-anaconda-addon is not building correctly for some time (from Fedora 22) and that needs to be fixed first. So I'm now changing component to the oscap addon to fix builds in Fedora.