Ted,
I was googling about and came across a 2013 email to SSG list regarding kickstart with SSG fixes?
Can we get you to share that again? Thanks!
http://marc.info/?l=scap-security-guide&m=138031105712558&w=2
Greg Elin
On 5/14/15 10:29 AM, Greg Elin wrote:
Ted,
I was googling about and came across a 2013 email to SSG list regarding kickstart with SSG fixes?
Can we get you to share that again? Thanks!
http://marc.info/?l=scap-security-guide&m=138031105712558&w=2
Originals attached.
Later versions of SSG now contain kickstart scripts. They'll eventually be included downstream (RHEL, derivatives): https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/kickstart...
----- Original Message -----
From: "Greg Elin" gregelin@gitmachines.com
To: scap-security-guide@lists.fedorahosted.org, "Ted Brunell" tbrunell@redhat.com
Sent: Thursday, May 14, 2015 4:29:46 PM
Subject: RE: Kickstart with SSG/fixes and More
Ted,
I was googling about and came across a 2013 email to SSG list regarding kickstart with SSG fixes?
Can we get you to share that again? Thanks!
http://marc.info/?l=scap-security-guide&m=138031105712558&w=2
SSG has recently started shipping kickstarts, check out https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/kickstart
Greg,
Also feel free to check out:
https://github.com/RedHatGov/ssg-el6-kickstart
It will re-master a RHEL 6 DVD into an SSG installer.
Regards,
Frank Caviggia
Greg,
As others have pointed out, the work that was done in kickstart that I put together has been superseded and should be used now in lieu of the kickstart that I created 2 years ago.
That being said... The work itself was actually part of building a custom install DVD for RHEL 6 so that the system was more or less locked down before it ever rebooted. The guts of the workflow (found in the %post section) was:
    # Install SSG
    yum localinstall -y /tmp/scap-security-guide-0.1-14.el6.noarch.rpm

    # Scan using SSG and save the results as HTML
    cd /root
    oscap xccdf eval --profile stig-rhel6-server \
        --results BeforeFix-ssg-results.xml \
        --report BeforeFix-ssg-results.html \
        --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
        /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml

    # Generate Fix Script
    oscap xccdf generate fix \
        --result-id xccdf_org.open-scap_testresult_stig-rhel6-server \
        BeforeFix-ssg-results.xml > /root/fix.sh

    # Run Fix Script
    chmod +x fix.sh
    /bin/bash /root/fix.sh

    # Re-Scan Server and save another report
    oscap xccdf eval --profile stig-rhel6-server \
        --results AfterFix-ssg-results.xml \
        --report AfterFix-ssg-results.html \
        --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
        /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
I hope that helps.
R/ Ted
Ted Brunell - RHCDS, RHCE, RHCVA Senior Solution Architect DoD Cloud Specialist Red Hat, Inc. (c) 760-712-6837 tbrunell@redhat.com
----- Original Message -----
From: "Frank Caviggia" fcaviggi@redhat.com
To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Thursday, May 14, 2015 11:29:14 AM
Subject: Re: Kickstart with SSG/fixes and More
Greg,
Also feel free to check out:
https://github.com/RedHatGov/ssg-el6-kickstart
It will re-master a RHEL 6 DVD into an SSG installer.
Regards,
Frank Caviggia
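The workflow in the message above scans, remediates and scans again, which leaves two results files whose difference shows what the fix script actually changed. The following is an added example, not part of the original thread or of SSG: it compares two XCCDF results documents rule by rule. The sample documents and rule ids are constructed, and it assumes the usual TestResult / rule-result / result element layout.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample data (not real scan output); the rule ids are made up.
TEMPLATE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
 <TestResult id="xccdf_org.open-scap_testresult_stig-rhel6-server">
  <rule-result idref="rule_a"><result>{a}</result></rule-result>
  <rule-result idref="rule_b"><result>{b}</result></rule-result>
  <rule-result idref="rule_c"><result>{c}</result></rule-result>
 </TestResult>
</Benchmark>"""
BEFORE = TEMPLATE.format(a="fail", b="fail", c="pass")
AFTER = TEMPLATE.format(a="pass", b="fail", c="fail")

def local(tag):
    """Drop the XML namespace so XCCDF 1.1 and 1.2 files parse alike."""
    return tag.rsplit("}", 1)[-1]

def rule_results(xml_data):
    """Return {rule id: result} from the last TestResult in a results file."""
    root = ET.fromstring(xml_data)
    tests = [e for e in root.iter() if local(e.tag) == "TestResult"]
    if not tests:
        raise ValueError("no TestResult element found")
    results = {}
    for rr in tests[-1]:
        if local(rr.tag) == "rule-result":
            texts = [c.text for c in rr if local(c.tag) == "result" and c.text]
            results[rr.get("idref")] = texts[0].strip() if texts else "unknown"
    return results

def compare(before, after):
    """Classify rules by how remediation changed their result."""
    bad = ("fail", "error", "unknown")
    return {
        "fixed": sorted(r for r in after if before.get(r) in bad and after[r] == "pass"),
        "still_failing": sorted(r for r in after if before.get(r) in bad and after[r] in bad),
        "regressed": sorted(r for r in after if before.get(r) == "pass" and after[r] in bad),
    }

if __name__ == "__main__":
    # With two paths, read real results files; otherwise use the samples.
    docs = [open(p, "rb").read() for p in sys.argv[1:3]] if len(sys.argv) > 2 else [BEFORE, AFTER]
    summary = compare(rule_results(docs[0]), rule_results(docs[1]))
    for state, rules in summary.items():
        print(f"{state}: {len(rules)} {' '.join(rules)}")
    sys.exit(1 if summary["still_failing"] or summary["regressed"] else 0)
```

Run with the BeforeFix and AfterFix results files as its two arguments, a non-zero exit status flags rules the fix script did not remediate or that got worse.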
All,
This is really helpful! Thank you.
Greg Elin P: 917-304-3488 E: gregelin@gitmachines.com
Sent from my iPhone
On May 14, 2015, at 3:45 PM, Ted Brunell tbrunell@redhat.com wrote:
Greg,
As others have pointed out, the work that was done in kickstart that I put together has been superseded and should be used now in lieu of the kickstart that I created 2 years ago.
That being said... The work itself was actually part of building a custom install DVD for RHEL 6 so that the system was more or less locked down before it ever rebooted. The guts of the workflow (found in the %post section) was:
    # Install SSG
    yum localinstall -y /tmp/scap-security-guide-0.1-14.el6.noarch.rpm

    # Scan using SSG and save the results as HTML
    cd /root
    oscap xccdf eval --profile stig-rhel6-server \
        --results BeforeFix-ssg-results.xml \
        --report BeforeFix-ssg-results.html \
        --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
        /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml

    # Generate Fix Script
    oscap xccdf generate fix \
        --result-id xccdf_org.open-scap_testresult_stig-rhel6-server \
        BeforeFix-ssg-results.xml > /root/fix.sh

    # Run Fix Script
    chmod +x fix.sh
    /bin/bash /root/fix.sh

    # Re-Scan Server and save another report
    oscap xccdf eval --profile stig-rhel6-server \
        --results AfterFix-ssg-results.xml \
        --report AfterFix-ssg-results.html \
        --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
        /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
I hope that helps.
R/ Ted
Ted Brunell - RHCDS, RHCE, RHCVA Senior Solution Architect DoD Cloud Specialist Red Hat, Inc. (c) 760-712-6837 tbrunell@redhat.com
----- Original Message -----
From: "Frank Caviggia" fcaviggi@redhat.com
To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Thursday, May 14, 2015 11:29:14 AM
Subject: Re: Kickstart with SSG/fixes and More
Greg,
Also feel free to check out:
https://github.com/RedHatGov/ssg-el6-kickstart
It will re-master a RHEL 6 DVD into an SSG installer.
Regards,
Frank Caviggia
-- Frank Caviggia Senior Consultant, Red Hat fcaviggi@redhat.com (M) (571) 295-4560
----- Original Message -----
From: "Martin Preisler" mpreisle@redhat.com
To: "Greg Elin" gregelin@gitmachines.com
Cc: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Thursday, May 14, 2015 11:00:18 AM
Subject: Re: Kickstart with SSG/fixes and More
----- Original Message -----
From: "Greg Elin" gregelin@gitmachines.com
To: scap-security-guide@lists.fedorahosted.org, "Ted Brunell" tbrunell@redhat.com
Sent: Thursday, May 14, 2015 4:29:46 PM
Subject: RE: Kickstart with SSG/fixes and More
Ted,
I was googling about and came across a 2013 email to SSG list regarding kickstart with SSG fixes?
Can we get you to share that again? Thanks!
http://marc.info/?l=scap-security-guide&m=138031105712558&w=2
SSG has recently started shipping kickstarts, check out https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/kickstart
-- Martin Preisler Security Technologies | Red Hat, Inc. -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/