Do Red Hat Satellite 6 and Red Hat Satellite Capsule 6 support hardening?

Solution Verified - Updated

Environment

  • Red Hat Satellite 6
  • Red Hat Satellite Capsule 6

Issue

  • Do Red Hat Satellite and Red Hat Capsule 6 support hardening?
  • Does Red Hat have any security hardening tool or guide?
  • Is it possible to harden Red Hat Satellite 6 with DISA STIGs or CIS Benchmarks?
  • Is there any plan to support Hardening for an upcoming version of Red Hat Satellite and Red Hat Capsule 6.x?
  • Is the installation and use of Red Hat Satellite/Capsule 6.x compatible with the ANSSI recommendations?

Resolution

  • Red Hat Satellite 6 and Red Hat Satellite Capsule 6 do not support hardening. Refer to the Red Hat Satellite Installation Guide for more details.

  • Red Hat Satellite Server and Red Hat Satellite Capsule Server require Red Hat Enterprise Linux installations with the @Base package group with no other package-set modifications, and without third-party configurations or software not directly necessary for the direct operation of the server.

  • This restriction includes hardening and other non-Red Hat security software. If you require such software in your infrastructure, install and verify a complete working Red Hat Satellite Server first, then create a backup of the system before adding any non-Red Hat software.

  • Only hardening of the components that are mentioned in the Security Guide is supported. Follow the Security Guide to harden the Red Hat Satellite and Red Hat Capsule server.

  • As of now, there is no near-term plan in either the Red Hat Satellite or the Red Hat Capsule 6.x releases to offer additional hardening support for standards such as DISA/CIS/STIG.

  • Currently, a new installation of Red Hat Satellite 6 and Red Hat Capsule 6 servers on FIPS is supported. Refer to "Is it supported to install Red Hat Satellite 6 or Red Hat Satellite Capsule 6 on a FIPS enabled RHEL system?"

  • Request for enhancement 2109740 allowed Red Hat Satellite deployments, starting with the 6.15 release, to support fapolicyd running on the Satellite/Capsule server. The Satellite/Capsule installation will detect that fapolicyd is installed on the system and will deploy the Satellite rules during the standard installation process.

  • Similar to our FIPS policy, we support the underlying OS meeting STIG standards. However, we do not support the Red Hat Satellite/Capsule application meeting STIG standards. In other words, just as we support FIPS-enabled RHEL, we will support fapolicyd-enabled RHEL. We do not support FIPS/fapolicyd being enabled for each of the application services that compose Satellite.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.