Re: [Open-scap] question on addon_fedora_oscap

Thu, 04 Oct 2018 08:03:54 -0700 

Another option, and one we're using right now for generating a production 
installation ISO, is to do apply the profile near the end of the %post section 
in our kickstart.

-Rob
  

-- 
ROBERT SANDERS
Sr. Secure Systems Engineer
 
FORCEPOINT
T +1.703.896.4762
F +1.703.318.5041
www.forcepoint.com



FORWARD WITHOUT FEAR
 

On 10/4/18, 10:44 AM, "open-scap-list-boun...@redhat.com on behalf of Shawn 
Wells" <open-scap-list-boun...@redhat.com on behalf of sh...@redhat.com> wrote:

    
    
    On 10/4/18 3:05 AM, Jan Cerny wrote:
    > Hi,
    >
    > Unfortunately, the "tailoring" feature is broken in Anaconda Addon.
    >
    > However, there is a workaround, suggested by Watson Yuuma Sato (adding 
him to this conversation).
    > Let me copy-paste his idea:
    >
    > There is a tool that can combine the tailoring to the datastream or XCCDF 
file. So it is possible
    > to embed the tailoring into content file and get it through "content-url" 
field.
    >
    > Quick howto commands and instructions below:
    > Grab the combine-tailoring tool
    > $ git clonehttps://github.com/mpreisler/combine-tailoring.git
    > cd combine-tailoring
    >
    > Combine tailoring and content
    > ./combine-tailoring.py --output ssg-rhel7-ds-combined.xml 
/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 
ssg-rhel7-ds-standard-tailoring.xml
    >
    > Serve the file ssg-rhel7-ds-combined.xml in your network, and
    > in the kickstart:
    > - change content-type to datastream or xccdf
    > - add field content-url and point to your new combined content
    > - change profile to the id of your customized profile, please note that 
it must be the full id.
    >
    > For example:
    > %addon org_fedora_oscap
    >         content-type = datastream
    >         content-url =http://192.168.0.2/content/ssg-rhel7-ds-combined.xml
    >         profile = xccdf_org.ssgproject.content_profile_standard_customized
    > %end
    >
    >
    > Hopefully it helps.
    
    Where can we find the BZ tracking fixing tailoring in Anaconda? Will 
    this be included in the RHEL 7.6 release?
    
    Also - where can we find the KBase article documenting the work around 
    on the customer portal?
    
    _______________________________________________
    Open-scap-list mailing list
    Open-scap-list@redhat.com
    https://www.redhat.com/mailman/listinfo/open-scap-list
    


_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to