-
Notifications
You must be signed in to change notification settings - Fork 246
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DISA STIG secured Red Hat system: libraries failing to copy during mkrescue ('fapolicyd' hinders it) #2779
Comments
I was able to resolve this issue by adding "EXCLUDE_MOUNTPOINTS=(/dev/sdb)" to my local.conf. This was the secondary drive for the backup itself. So the local.conf looks like this:
|
Further investigating revealed that these settings didn't fix the issue but removing and re-installing fapolicyd application fixes it. This app controls app and file whitelist and is required under the stig |
@rtinsley87 You wrote "removing and re-installing fapolicyd": |
@jsmeix I agree that we should configure it correctly if we want to leave it installed. Thank you for providing the github link for fapolicyd so that we can understand it better. |
Relax-and-Recover (ReaR) Issue Template
Fill in the following items before submitting a new issue
(quick response is not guaranteed with free support):
ReaR version ("/usr/sbin/rear -V"):
2.6
OS version ("cat /etc/os-release" or "lsb_release -a" or "cat /etc/rear/os.conf"):
Red Hat 8.5
ReaR configuration files ("cat /etc/rear/site.conf" and/or "cat /etc/rear/local.conf"):
Hardware vendor/product (PC or PowerNV BareMetal or ARM) or VM (KVM guest or PowerVM LPAR):
PC
System architecture (x86 compatible or PPC64/PPC64LE or what exact ARM device):
x86 compatible
Firmware (BIOS or UEFI or Open Firmware) and bootloader (GRUB or ELILO or Petitboot):
UEFI & GRUB
Storage (local disk or SSD) and/or SAN (FC or iSCSI or FCoE) and/or multipath (DM or NVMe):
local SSD
Storage layout ("lsblk -ipo NAME,KNAME,PKNAME,TRAN,TYPE,FSTYPE,LABEL,SIZE,MOUNTPOINT"):
Description of the issue (ideally so that others can reproduce it):
This system is being setup for secure use so it was imaged
configured with the DISA stig for Red hat 8.5 with GUI.
When I run a the command "sudo rear -v mkrescue" it fails with a error warning
and it also shows this during recovery system test
When I checked the rootfs folder under usr/lib libtinfo.so.6 is missing from the folder.
I tried including the configuration line LIBS=(libtinfo.so.6) and it will give a line
during the verbose run that says libtinfo.so.6 failed to copy.
Workaround, if any:
tested on VM without controls implemented during imaging
and just required grub2 modules to be installed
Attachments, as applicable ("rear -D mkrescue/mkbackup/recover" debug log files): rear-Thuja.log
The text was updated successfully, but these errors were encountered: