diff --git a/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_enhanced-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_enhanced-ks.cfg index 7ffeca77227..e17518546c6 100644 --- a/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_enhanced-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_enhanced-ks.cfg @@ -42,7 +42,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -78,9 +78,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limig=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limig=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -98,29 +98,29 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=4216 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=4216 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 # Despite the ID referencing NT-28, the profile is aligned to BP-028 %addon org_fedora_oscap @@ -130,11 +130,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_high-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_high-ks.cfg index 8f9cdcaf2a2..78d6cebe72a 100644 --- a/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_high-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_high-ks.cfg @@ -42,7 +42,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -82,9 +82,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -102,29 +102,29 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=4216 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=4216 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 # Despite the ID referencing NT-28, the profile is aligned to BP-028 %addon org_fedora_oscap @@ -134,11 +134,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_intermediary-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_intermediary-ks.cfg index 946a11161d3..1b87d400a95 100644 --- a/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_intermediary-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_intermediary-ks.cfg @@ -42,7 +42,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -78,9 +78,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -98,29 +98,29 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=4216 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=4216 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 # Despite the ID referencing NT-28, the profile is aligned to BP-028 %addon org_fedora_oscap @@ -130,11 +130,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_minimal-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_minimal-ks.cfg index d508073d638..a25d1b29246 100644 --- a/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_minimal-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-anssi_nt28_minimal-ks.cfg @@ -42,7 +42,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -68,9 +68,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr +bootloader # Initialize (format) all disks (optional) zerombr @@ -94,11 +94,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-cis-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-cis-ks.cfg index 6950898ba95..04438000dae 100644 --- a/products/rhel7/kickstart/ssg-rhel7-cis-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-cis-ks.cfg @@ -41,7 +41,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -81,9 +81,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -101,25 +101,25 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10752 --grow # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 # Ensure /dev/shm Located on Separate Partition -logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /dev/shm --name=devshm --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol swap --name=swap --vgname=VolGroup --size=2016 @@ -133,11 +133,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-cis_server_l1-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-cis_server_l1-ks.cfg index b2cd4764862..3e514f66e7b 100644 --- a/products/rhel7/kickstart/ssg-rhel7-cis_server_l1-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-cis_server_l1-ks.cfg @@ -41,7 +41,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -81,9 +81,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -101,15 +101,25 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10752 --grow +# Ensure /home Located On Separate Partition +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +# Ensure /var/tmp Located On Separate Partition +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +# Ensure /var Located On Separate Partition +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 +# Ensure /var/log Located On Separate Partition +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 +# Ensure /var/log/audit Located On Separate Partition +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 # Ensure /dev/shm Located on Separate Partition -logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /dev/shm --name=devshm --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -122,11 +132,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l1-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l1-ks.cfg index 415e62f0351..6a5eb076523 100644 --- a/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l1-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l1-ks.cfg @@ -41,7 +41,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -81,9 +81,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -101,15 +101,25 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10752 --grow +# Ensure /home Located On Separate Partition +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +# Ensure /var/tmp Located On Separate Partition +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +# Ensure /var Located On Separate Partition +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 +# Ensure /var/log Located On Separate Partition +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 +# Ensure /var/log/audit Located On Separate Partition +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 # Ensure /dev/shm Located on Separate Partition -logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /dev/shm --name=devshm --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol swap --name=swap --vgname=VolGroup --size=2016 @@ -123,11 +133,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l2-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l2-ks.cfg index 579fa041b8c..867f5d710a6 100644 --- a/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l2-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-cis_workstation_l2-ks.cfg @@ -41,7 +41,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -81,9 +81,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -101,25 +101,25 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10752 --grow # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 # Ensure /dev/shm Located on Separate Partition -logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /dev/shm --name=devshm --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol swap --name=swap --vgname=VolGroup --size=2016 @@ -133,11 +133,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-e8-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-e8-ks.cfg index 158679ac073..040ab0516df 100644 --- a/products/rhel7/kickstart/ssg-rhel7-e8-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-e8-ks.cfg @@ -41,7 +41,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -81,9 +81,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -109,11 +109,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-hipaa-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-hipaa-ks.cfg index aa61c6a441a..edc0b0a4b22 100644 --- a/products/rhel7/kickstart/ssg-rhel7-hipaa-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-hipaa-ks.cfg @@ -41,7 +41,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -81,9 +81,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -109,11 +109,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-ospp-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-ospp-ks.cfg index 973da9f4f3a..b8e2b2f297a 100644 --- a/products/rhel7/kickstart/ssg-rhel7-ospp-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-ospp-ks.cfg @@ -42,7 +42,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -82,9 +82,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -102,23 +102,23 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 %addon org_fedora_oscap content-type = scap-security-guide @@ -127,11 +127,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-pci-dss-server-with-gui-oaa-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-pci-dss-server-with-gui-oaa-ks.cfg index 13e83db86f2..684a6c5beb5 100644 --- a/products/rhel7/kickstart/ssg-rhel7-pci-dss-server-with-gui-oaa-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-pci-dss-server-with-gui-oaa-ks.cfg @@ -42,7 +42,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -77,9 +77,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -97,21 +97,21 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=12288 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=12288 --grow # CCE-26557-9: Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26435-8: Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # CCE-26639-5: Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" # CCE-26215-4: Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26436-6: Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 %addon org_fedora_oscap content-type = scap-security-guide @@ -124,7 +124,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Require 'Server with GUI' package environment to be installed @^Server with GUI -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-stig-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-stig-ks.cfg index 33cd2763221..c5e091cffe2 100644 --- a/products/rhel7/kickstart/ssg-rhel7-stig-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-stig-ks.cfg @@ -33,7 +33,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -70,7 +70,7 @@ timezone --utc America/New_York # Plaintext password is: password # Refer to e.g. http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$rhel6usgcb$kOzIfC4zLbuo3ECp1er99NRYikN419wxYMmons8Vm/37Qtg0T8aB9dKxHwqapz8wWAFuVkuI/UJqQBU92bA5C0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -88,21 +88,21 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=12288 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=12288 --grow # CCE-26557-9: Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26435-8: Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # CCE-26639-5: Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" # CCE-26215-4: Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26436-6: Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 # The full id of DISA STIG profile is used because otherwise there would be # a conflict with rhelh-stig. @@ -113,11 +113,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel7/kickstart/ssg-rhel7-stig_gui-ks.cfg b/products/rhel7/kickstart/ssg-rhel7-stig_gui-ks.cfg index 6f69e063ab8..cdde4bcbdf7 100644 --- a/products/rhel7/kickstart/ssg-rhel7-stig_gui-ks.cfg +++ b/products/rhel7/kickstart/ssg-rhel7-stig_gui-ks.cfg @@ -33,7 +33,7 @@ install lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -70,7 +70,7 @@ timezone --utc America/New_York # Plaintext password is: password # Refer to e.g. http://fedoraproject.org/wiki/Anaconda/Kickstart#rootpw to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$rhel6usgcb$kOzIfC4zLbuo3ECp1er99NRYikN419wxYMmons8Vm/37Qtg0T8aB9dKxHwqapz8wWAFuVkuI/UJqQBU92bA5C0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -88,21 +88,21 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=12288 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=12288 --grow # CCE-26557-9: Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26435-8: Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # CCE-26639-5: Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev" # CCE-26215-4: Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26436-6: Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 %addon org_fedora_oscap content-type = scap-security-guide @@ -111,12 +111,10 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages -# Graphical User Interface package group -@^graphical-server-environment -# Require @Base -@Base -%end # End of %packages section +@^Server with GUI + +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg index 925f59e4fc2..57941e21011 100644 --- a/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg @@ -37,7 +37,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -69,9 +69,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -89,16 +89,16 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition @@ -108,9 +108,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -147,11 +147,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg index 5be03e5480e..1dc1d9efe77 100644 --- a/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg @@ -37,7 +37,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -73,9 +73,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -93,16 +93,16 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition @@ -112,9 +112,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -151,11 +151,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg index e0b246fc98b..baa90bca355 100644 --- a/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg @@ -37,7 +37,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -69,9 +69,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr +bootloader # Initialize (format) all disks (optional) zerombr @@ -89,16 +89,16 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition @@ -108,9 +108,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -147,11 +147,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg index 3d4bbd0cf7d..676cf9cdcd1 100644 --- a/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg @@ -37,7 +37,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -59,9 +59,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr +bootloader # Initialize (format) all disks (optional) zerombr @@ -111,11 +111,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-cis-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-cis-ks.cfg index d354f506fd2..c13bac30d00 100644 --- a/products/rhel8/kickstart/ssg-rhel8-cis-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-cis-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -92,23 +92,23 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -121,11 +121,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-cis_server_l1-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-cis_server_l1-ks.cfg index ddf6d2e45c6..af5c338cf55 100644 --- a/products/rhel8/kickstart/ssg-rhel8-cis_server_l1-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-cis_server_l1-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -92,13 +92,23 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow +# Ensure /home Located On Separate Partition +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +# Ensure /var/tmp Located On Separate Partition +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +# Ensure /var Located On Separate Partition +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 +# Ensure /var/log Located On Separate Partition +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 +# Ensure /var/log/audit Located On Separate Partition +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -111,11 +121,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-cis_workstation_l1-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-cis_workstation_l1-ks.cfg index 037583b1856..8af19101043 100644 --- a/products/rhel8/kickstart/ssg-rhel8-cis_workstation_l1-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-cis_workstation_l1-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -92,13 +92,23 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow +# Ensure /home Located On Separate Partition +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +# Ensure /var/tmp Located On Separate Partition +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +# Ensure /var Located On Separate Partition +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 +# Ensure /var/log Located On Separate Partition +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 +# Ensure /var/log/audit Located On Separate Partition +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -111,11 +121,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-cis_workstation_l2-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-cis_workstation_l2-ks.cfg index fa7889a9bcd..08bb4b1f132 100644 --- a/products/rhel8/kickstart/ssg-rhel8-cis_workstation_l2-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-cis_workstation_l2-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -92,23 +92,23 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -121,11 +121,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-cui-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-cui-ks.cfg index fac0f045334..0271eb0a06c 100644 --- a/products/rhel8/kickstart/ssg-rhel8-cui-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-cui-ks.cfg @@ -35,7 +35,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -70,9 +70,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" # Initialize (format) all disks (optional) zerombr @@ -90,7 +90,7 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow @@ -103,9 +103,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -142,11 +142,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-e8-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-e8-ks.cfg index 6d13bf0aaf1..eb6399bf703 100644 --- a/products/rhel8/kickstart/ssg-rhel8-e8-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-e8-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -100,11 +100,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-hipaa-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-hipaa-ks.cfg index e3d499e75bb..6775fbcdbda 100644 --- a/products/rhel8/kickstart/ssg-rhel8-hipaa-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-hipaa-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -100,11 +100,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-ism_o-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-ism_o-ks.cfg index 396e547fdca..9636f287600 100644 --- a/products/rhel8/kickstart/ssg-rhel8-ism_o-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-ism_o-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -73,7 +73,7 @@ selinux --enforcing timezone --utc America/New_York # Specify how the bootloader should be installed (required) -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" +bootloader # Initialize (format) all disks (optional) zerombr @@ -99,11 +99,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-ospp-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-ospp-ks.cfg index c5e062b615d..0510592c63f 100644 --- a/products/rhel8/kickstart/ssg-rhel8-ospp-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-ospp-ks.cfg @@ -35,7 +35,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -70,9 +70,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" # Initialize (format) all disks (optional) zerombr @@ -90,7 +90,7 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow @@ -103,9 +103,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -142,11 +142,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-pci-dss-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-pci-dss-ks.cfg index 270e25f252b..c789c66a064 100644 --- a/products/rhel8/kickstart/ssg-rhel8-pci-dss-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-pci-dss-ks.cfg @@ -36,7 +36,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -67,13 +67,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -# -# PASSWORD TEMPORARILY DISABLED -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" -#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 - +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -91,21 +87,21 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow # CCE-26557-9: Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26435-8: Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # CCE-26639-5: Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # CCE-26215-4: Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26436-6: Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) # content - security policies - on the installed system.This add-on has been enabled by default @@ -141,7 +137,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-stig-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-stig-ks.cfg index 8b19fccf8d1..4cc6a08b77d 100644 --- a/products/rhel8/kickstart/ssg-rhel8-stig-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-stig-ks.cfg @@ -35,7 +35,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -92,7 +92,7 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow @@ -105,9 +105,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -144,11 +144,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel8/kickstart/ssg-rhel8-stig_gui-ks.cfg b/products/rhel8/kickstart/ssg-rhel8-stig_gui-ks.cfg index 13b3b881c53..7127e76ebfa 100644 --- a/products/rhel8/kickstart/ssg-rhel8-stig_gui-ks.cfg +++ b/products/rhel8/kickstart/ssg-rhel8-stig_gui-ks.cfg @@ -35,7 +35,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -71,9 +71,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -91,7 +91,7 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow @@ -104,9 +104,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -144,10 +144,9 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages -# Require @Base -@Base +@Server with GUI -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_enhanced-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_enhanced-ks.cfg index f8a2f6d1d47..e0fae43c21e 100644 --- a/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_enhanced-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_enhanced-ks.cfg @@ -37,7 +37,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -69,9 +69,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -89,16 +89,16 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition @@ -108,9 +108,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -147,11 +147,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_high-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_high-ks.cfg index ee20a99cfd4..60426d9ff37 100644 --- a/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_high-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_high-ks.cfg @@ -37,7 +37,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -73,9 +73,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -93,16 +93,16 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition @@ -112,9 +112,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -151,11 +151,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_intermediary-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_intermediary-ks.cfg index 3c7af747806..c5e589be2f3 100644 --- a/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_intermediary-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_intermediary-ks.cfg @@ -37,7 +37,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -69,9 +69,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr +bootloader # Initialize (format) all disks (optional) zerombr @@ -89,16 +89,16 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow # Ensure /usr Located On Separate Partition -logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" +logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev" # Ensure /opt Located On Separate Partition -logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /srv Located On Separate Partition -logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" +logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" # Ensure /home Located On Separate Partition logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition @@ -108,9 +108,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -147,11 +147,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_minimal-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_minimal-ks.cfg index 9ecde1917be..36811c45752 100644 --- a/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_minimal-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-anssi_bp28_minimal-ks.cfg @@ -37,7 +37,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -59,9 +59,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr +bootloader # Initialize (format) all disks (optional) zerombr @@ -111,11 +111,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-cis-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cis-ks.cfg index a0c9024edb9..6e8cc9158b9 100644 --- a/products/rhel9/kickstart/ssg-rhel9-cis-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-cis-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -95,23 +95,23 @@ part pv.01 --grow --size=1 part /dev/shm --fstype=tmpfs --fsoptions="nodev,nosuid,noexec" --size=512 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=9728 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=9728 --grow # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -124,11 +124,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-cis_server_l1-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cis_server_l1-ks.cfg index 063600a53cb..bf6ec98c286 100644 --- a/products/rhel9/kickstart/ssg-rhel9-cis_server_l1-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-cis_server_l1-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -95,13 +95,23 @@ part pv.01 --grow --size=1 part /dev/shm --fstype=tmpfs --fsoptions="nodev,nosuid,noexec" --size=512 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16384 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=9728 --grow +# Ensure /home Located On Separate Partition +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +# Ensure /var/tmp Located On Separate Partition +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +# Ensure /var Located On Separate Partition +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 +# Ensure /var/log Located On Separate Partition +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 +# Ensure /var/log/audit Located On Separate Partition +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -114,11 +124,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l1-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l1-ks.cfg index 3296221a184..c3c62ea001b 100644 --- a/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l1-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l1-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -95,13 +95,23 @@ part pv.01 --grow --size=1 part /dev/shm --fstype=tmpfs --fsoptions="nodev,nosuid,noexec" --size=512 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16384 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=9728 --grow +# Ensure /home Located On Separate Partition +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +# Ensure /var/tmp Located On Separate Partition +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +# Ensure /var Located On Separate Partition +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 +# Ensure /var/log Located On Separate Partition +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 +# Ensure /var/log/audit Located On Separate Partition +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -114,11 +124,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l2-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l2-ks.cfg index e98712b0c70..0903e76efb8 100644 --- a/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l2-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-cis_workstation_l2-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -95,23 +95,23 @@ part pv.01 --grow --size=1 part /dev/shm --fstype=tmpfs --fsoptions="nodev,nosuid,noexec" --size=512 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=9728 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=9728 --grow # Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # Ensure /var/tmp Located On Separate Partition -logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 +logvol swap --name=swap --vgname=VolGroup --size=2016 # Harden installation with CIS profile @@ -124,11 +124,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-cui-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-cui-ks.cfg index 7af89018afb..536bdcb57a9 100644 --- a/products/rhel9/kickstart/ssg-rhel9-cui-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-cui-ks.cfg @@ -35,7 +35,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -70,9 +70,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" # Initialize (format) all disks (optional) zerombr @@ -90,7 +90,7 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow @@ -103,9 +103,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -142,11 +142,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-e8-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-e8-ks.cfg index 48a79bd227e..345f442a503 100644 --- a/products/rhel9/kickstart/ssg-rhel9-e8-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-e8-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -100,11 +100,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-hipaa-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-hipaa-ks.cfg index 02d079f50fa..1076484f112 100644 --- a/products/rhel9/kickstart/ssg-rhel9-hipaa-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-hipaa-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password -# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create +# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create # encrypted password form for different plaintext password -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -100,11 +100,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-ism_o-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-ism_o-ks.cfg index 0aa709fe2e2..d5c7f7bb3e6 100644 --- a/products/rhel9/kickstart/ssg-rhel9-ism_o-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-ism_o-ks.cfg @@ -38,7 +38,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -73,7 +73,7 @@ selinux --enforcing timezone --utc America/New_York # Specify how the bootloader should be installed (required) -bootloader --location=mbr --append="crashkernel=auto rhgb quiet" +bootloader # Initialize (format) all disks (optional) zerombr @@ -99,11 +99,7 @@ autopart # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-ospp-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-ospp-ks.cfg index fe44ce58d4f..b860735c474 100644 --- a/products/rhel9/kickstart/ssg-rhel9-ospp-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-ospp-ks.cfg @@ -35,7 +35,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -70,9 +70,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" # Initialize (format) all disks (optional) zerombr @@ -90,7 +90,7 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow @@ -103,9 +103,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -142,11 +142,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg index 03265aecb4c..e9284979a53 100644 --- a/products/rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg @@ -36,7 +36,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -67,13 +67,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -# -# PASSWORD TEMPORARILY DISABLED -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" -#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 - +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -91,21 +87,21 @@ part /boot --fstype=xfs --size=512 part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow # CCE-26557-9: Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26435-8: Ensure /tmp Located On Separate Partition -logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" +logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # CCE-26639-5: Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # CCE-26215-4: Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" # CCE-26436-6: Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -logvol swap --name=lv_swap --vgname=VolGroup --size=2016 +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" +logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) # content - security policies - on the installed system.This add-on has been enabled by default @@ -141,7 +137,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-stig-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-stig-ks.cfg index a44bcda5053..83c0016675e 100644 --- a/products/rhel9/kickstart/ssg-rhel9-stig-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-stig-ks.cfg @@ -35,7 +35,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -71,9 +71,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -91,7 +91,7 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow @@ -104,9 +104,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -143,11 +143,7 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages - -# Require @Base -@Base - -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting diff --git a/products/rhel9/kickstart/ssg-rhel9-stig_gui-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-stig_gui-ks.cfg index ab6bd36c024..2ec199b0bc1 100644 --- a/products/rhel9/kickstart/ssg-rhel9-stig_gui-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-stig_gui-ks.cfg @@ -35,7 +35,7 @@ lang en_US.UTF-8 # Set system keyboard type / layout (required) -keyboard us +keyboard --vckeymap us # Configure network information for target system and activate network devices in the installer environment (optional) # --onboot enable device at a boot time @@ -72,9 +72,9 @@ timezone --utc America/New_York # Specify how the bootloader should be installed (required) # Plaintext password is: password # Refer to e.g. -# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw +# grub2-mkpasswd-pbkdf2 # to see how to create encrypted password form for different plaintext password -bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 +bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted # Initialize (format) all disks (optional) zerombr @@ -92,7 +92,7 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" part pv.01 --grow --size=1 # Create a Logical Volume Management (LVM) group (optional) -volgroup VolGroup --pesize=4096 pv.01 +volgroup VolGroup pv.01 # Create particular logical volumes (optional) logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow @@ -105,9 +105,9 @@ logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsopt # Ensure /var Located On Separate Partition logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" # Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var/log/audit Located On Separate Partition -logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" +logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) @@ -145,10 +145,9 @@ logvol swap --name=swap --vgname=VolGroup --size=2016 # Packages selection (%packages section is required) %packages -# Require @Base -@Base +@Server with GUI -%end # End of %packages section +%end # Reboot after the installation is complete (optional) # --eject attempt to eject CD or DVD media before rebooting