Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1514227 - [RFE] Add OSCAP Anaconda Addon to Fedora anaconda
Summary: [RFE] Add OSCAP Anaconda Addon to Fedora anaconda
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: oscap-anaconda-addon
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Vratislav Podzimek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-16 21:17 UTC by ralford
Modified: 2018-10-31 23:46 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description ralford 2017-11-16 21:17:35 UTC
Description of problem:
Fedora lacks the OSCAP Anaconda Addon in Anaconda that is capable of hardening the OS on install. There are many users of Fedora that need and/or would like for this capability to exist as it does downstream. There are labs and other organizations who are Fedora users that have security hardening requirements that having this addon in Fedora by default would go a long way in making Fedora an even better user experience for them.

Also, Fedora atomic is also starting to make changes to meet NIST partitioning recommendations as well as potentially expanding to further hardening their images. Atomic needs OSCAP Anaconda Addon to be able to validate as well as harden atomic images.

In addition, this allows bugs to be discovered and addressed faster and directly upstream rather than dealing with them downstream. Make the addon better and more stable for all users.

This will also support the planned additional Fedora security profiles that will be added.

Version-Release number of selected component (if applicable):
Rawhide

How reproducible:
Always

Steps to Reproduce:
1. Install Fedora either Anaconda GUI or kickstart
2.
3.

Actual results:
Always

Expected results:
Ability to harden a system with OSCAP Anaconda Addon

Additional info:

Comment 1 Jiri Konecny 2017-11-20 08:47:11 UTC
I like your RFC but it's not choice of Anaconda installer. It is on the Fedora versions to add this addon to their product. I would guess this could be useful for Fedora Server and Fedora Atomic.

However, the main problem is that oscap-anaconda-addon is not building correctly for some time (from Fedora 22) and that needs to be fixed first. So I'm now changing component to the oscap addon to fix builds in Fedora.


Note You need to log in before you can comment on or make changes to this bug.