All, This is really helpful! Thank you.
Greg Elin P: 917-304-3488 E: [email protected] Sent from my iPhone > On May 14, 2015, at 3:45 PM, Ted Brunell <[email protected]> wrote: > > Greg, > > As others have pointed out, the work that was done in kickstart that I put > together has been superseded and should be used now in lieu of the kickstart > that I created 2 years ago. > > That being said... The work itself was actually part of building a custom > install DVD for RHEL 6 so that the system was more or less locked down before > it ever rebooted. The guts of the workflow (found in the %post section) was: > > # Install SSG > yum localinstall -y /tmp/scap-security-guide-0.1-14.el6.noarch.rpm > > # Scan using SSG and save the results as HTML > cd /root > oscap xccdf eval --profile stig-rhel6-server --results > BeforeFix-ssg-results.xml --report BeforeFix-ssg-results.html --cpe > /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml > /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml > > # Generate Fix Script > oscap xccdf generate fix --result-id > xccdf_org.open-scap_testresult_stig-rhel6-server BeforeFix-ssg-results.xml > > /root/fix.sh > > # Run Fix Script > chmod +x fix.sh > /bin/bash /root/fix.sh > > # Re-Scan Server and save another report > oscap xccdf eval --profile stig-rhel6-server --results > AfterFix-ssg-results.xml --report AfterFix-ssg-results.html --cpe > /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml > /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml > > > I hope that helps. > > R/ > Ted > > Ted Brunell - RHCDS, RHCE, RHCVA > Senior Solution Architect > DoD Cloud Specialist > Red Hat, Inc. > (c) 760-712-6837 > [email protected] > > ----- Original Message ----- > From: "Frank Caviggia" <[email protected]> > To: "SCAP Security Guide" <[email protected]> > Sent: Thursday, May 14, 2015 11:29:14 AM > Subject: Re: Kickstart with SSG/fixes and More > > Greg, > > Also feel free to check out: > > https://github.com/RedHatGov/ssg-el6-kickstart > > It will re-master a RHEL 6 DVD into an SSG installer. > > Regards, > > Frank Caviggia > > -- > Frank Caviggia > Senior Consultant, Red Hat > [email protected] > (M) (571) 295-4560 > > > ----- Original Message ----- > From: "Martin Preisler" <[email protected]> > To: "Greg Elin" <[email protected]> > Cc: "SCAP Security Guide" <[email protected]> > Sent: Thursday, May 14, 2015 11:00:18 AM > Subject: Re: Kickstart with SSG/fixes and More > > ----- Original Message ----- >> From: "Greg Elin" <[email protected]> >> To: [email protected], "Ted Brunell" >> <[email protected]> >> Sent: Thursday, May 14, 2015 4:29:46 PM >> Subject: RE: Kickstart with SSG/fixes and More >> >> Ted, >> >> I was googling about and came across a 2013 email to SSG list regarding >> kickstart with SSG fixes? >> >> Can we get you to share that again? Thanks! >> >> http://marc.info/?l=scap-security-guide&m=138031105712558&w=2 > > SSG has recently started shipping kickstarts, check out > https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/kickstart > > -- > Martin Preisler > Security Technologies | Red Hat, Inc. > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ > > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
