Security policy checks #1308
3de1f03 to e05625b
OK, only when seeing this PR do I understand the purpose of scopes in yast/yast-security#131 : |
LGTM, except the dependencies:
This depends on yast/yast-security#131 and it should be expressed as an RPM dependency.
We can't do a Require on yast2-security because that would make a circular dependency, but this should work:
Conflicts: yast2-security < 4.4.15
Actually it does not conflict. Policy issues are not shown in that case.
LGTM now.
OK, my fault, I was basically repeating my request after you have fulfilled it by the comment in commit ee3e555.
I guess it's unsettling to me to see a dependency handled in code and omitted in RPM spec 😆
4f70300 to e16210d
✔️ Internal Jenkins job #8 successfully finished
Problem
YaST installer is now able to validate whether a setup fulfills the installation requirements of the DISA STIG security policy, see yast/yast-security#128. Some of those checks affect the storage setup. But neither Guided Setup nor Expert Partitioner is performing checks for the enabled security policy.
Solution
Perform policy checks and show issues in both the storage proposal dialog and the Expert Partitioner. Note that a policy can be enabled by default with the YAST_SECURITY_POLICY boot parameter, for example YAST_SECURITY_POLICY=stig.
NOTE: this will be merged after yast/yast-security#128.
Testing
Screenshots