Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

centos stream 8: addon fails with centos scap-security-guide #205

Open
sandrobonazzola opened this issue Apr 29, 2022 · 2 comments
Open

Comments

@sandrobonazzola
Copy link

Trying to deploy CentOS Stream 8 with DISA-STIG.

Using https://koji.mbox.centos.org/pkgs/packages/scap-security-guide/0.1.60/7.el8/noarch/scap-security-guide-0.1.60-7.el8.noarch.rpm
during the installation it fails with When dealing with datastream, there was already the ssg-jre-ds-1.2.xml when setting the new ssg-rhel7-ds-1.2.xml

@ggbecker
Copy link
Member

Unfortunately the support for centos8 was very rough and it never played well with the anaconda integration. When it became centos stream, we've put some effort to make centos9 stream better in this regards so the integration with anaconda is works, but we don't have plans to update centos8 stream at the moment.

As a workaround you can always run oscap with the datastream after the installation (using this ks may help as well but remove the addon section) but please bear in mind that content in centos8 stream won't contain profiles such as DISA-STIG predefined as they are stripped out from the datastream (due to some old guidance).

CentOS 9 Stream should have all the profiles the same as RHEL9. I know RHEL9 has not been released yet, but the future should be way better for CentOS Stream and SCAP content.

@sandrobonazzola
Copy link
Author

Ok I guess you can then close this issue.
Adding a note on a procedure which worked for me:

Generate a scap-security-guide-0.1.61-custom.zip by taking
https://github.com/ComplianceAsCode/content/releases/download/v0.1.61/scap-security-guide-0.1.61.zip
extracting the content, removing all the ssg xml files except for ssg-centos8-ds.xml and re-creating the zip.
zip scap-security-guide-0.1.61-custom.zip -9 -r scap-security-guide-0.1.61-custom

This zip file can be used to feed CentOS Stream 8 URL for fetching security profiles, you need to make it available over http.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants