Hello,
On Thu, Mar 28, 2019 at 4:50 PM Mike Johnston <[email protected]> wrote:
> I'm a new to this project and have always done my SCAP lock downs with
> kickstart scripts up until now. This looks to be something I switched to a
> long time ago.
>
> In the environment I work in, I need to make custom ISO installation disks
> to send out to the field. I've been testing out the 'addon
> xccdf_org.ssgproject.content_profile_stig-rhel7-disa' security profile and
> then made a custom tailored XML following the guidelines keep a few things
> on that were being removed. My problem is that now that I have my
> 'ssg-rhel7-ds-tailoring.xml' file, where do I put it in my kickstart image?
>
I've tried copying it in the post -nochroot section of my kickstart to
> /tmp/openscap_data and /root/openscap_data and neither of those worked.
>
>From what I see in the source code, the tailoring file needs to be in
"/tmp/openscap_data".
During the post install phase, the addon copies the file to
"/root/openscap_data" and uses the tailoring from there.
>
> Can someone tell me or show me where in the guide it show where it's
> supposed to go?
>
> This is what my kickstart looks like:
>
> -------------------------------------
> %post --nochroot
> cp /run/install/repo/hardening/ssg-rhel7-ds-tailoring.xml
> /root/openscap_data/
>
>
> %addon org_fedora_oscap
> content-type = scap-security-guide
> profile=xccdf_org.ssgproject.content_profile_stig-rhel7-disa
>
One thing to note is that the profile to use here should be the one created
in the tailoring file.
tailoring-path=ssg-rhel7-ds-tailoring.xml
> %end
> -------------------------------------
>
>
> Thanks for all the work...this is a great project.
> _______________________________________________
> scap-security-guide mailing list --
> [email protected]
> To unsubscribe send an email to
> [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
>
--
Watson Sato
Security Technologies | Red Hat, Inc
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
