Greg, As others have pointed out, the work that was done in kickstart that I put together has been superseded and should be used now in lieu of the kickstart that I created 2 years ago.
That being said... The work itself was actually part of building a custom install DVD for RHEL 6 so that the system was more or less locked down before it ever rebooted. The guts of the workflow (found in the %post section) was: # Install SSG yum localinstall -y /tmp/scap-security-guide-0.1-14.el6.noarch.rpm # Scan using SSG and save the results as HTML cd /root oscap xccdf eval --profile stig-rhel6-server --results BeforeFix-ssg-results.xml --report BeforeFix-ssg-results.html --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml # Generate Fix Script oscap xccdf generate fix --result-id xccdf_org.open-scap_testresult_stig-rhel6-server BeforeFix-ssg-results.xml > /root/fix.sh # Run Fix Script chmod +x fix.sh /bin/bash /root/fix.sh # Re-Scan Server and save another report oscap xccdf eval --profile stig-rhel6-server --results AfterFix-ssg-results.xml --report AfterFix-ssg-results.html --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml I hope that helps. R/ Ted Ted Brunell - RHCDS, RHCE, RHCVA Senior Solution Architect DoD Cloud Specialist Red Hat, Inc. (c) 760-712-6837 [email protected] ----- Original Message ----- From: "Frank Caviggia" <[email protected]> To: "SCAP Security Guide" <[email protected]> Sent: Thursday, May 14, 2015 11:29:14 AM Subject: Re: Kickstart with SSG/fixes and More Greg, Also feel free to check out: https://github.com/RedHatGov/ssg-el6-kickstart It will re-master a RHEL 6 DVD into an SSG installer. Regards, Frank Caviggia -- Frank Caviggia Senior Consultant, Red Hat [email protected] (M) (571) 295-4560 ----- Original Message ----- From: "Martin Preisler" <[email protected]> To: "Greg Elin" <[email protected]> Cc: "SCAP Security Guide" <[email protected]> Sent: Thursday, May 14, 2015 11:00:18 AM Subject: Re: Kickstart with SSG/fixes and More ----- Original Message ----- > From: "Greg Elin" <[email protected]> > To: [email protected], "Ted Brunell" > <[email protected]> > Sent: Thursday, May 14, 2015 4:29:46 PM > Subject: RE: Kickstart with SSG/fixes and More > > Ted, > > I was googling about and came across a 2013 email to SSG list regarding > kickstart with SSG fixes? > > Can we get you to share that again? Thanks! > > http://marc.info/?l=scap-security-guide&m=138031105712558&w=2 SSG has recently started shipping kickstarts, check out https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/kickstart -- Martin Preisler Security Technologies | Red Hat, Inc. -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/ -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/ -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
