Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix up RHEL kickstarts #10499

Merged
merged 10 commits into from
May 4, 2023
Merged

Fix up RHEL kickstarts #10499

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
724e7ba
remove @Base from RHEL kickstarts
comps Apr 25, 2023
075887b
install RHEL stig_gui kickstarts with 'Server with GUI' packages
comps Apr 25, 2023
603b220
remove unnecessary --pesize from RHEL kickstarts
comps Apr 26, 2023
774e234
remove --location=mbr from RHEL kickstarts
comps Apr 26, 2023
e523581
remove default --append arguments from RHEL kickstarts
comps Apr 26, 2023
ba482c0
use keyboard --vckeymap in RHEL kickstarts
comps Apr 26, 2023
7652489
fix broken bootloader passwords in RHEL kickstarts
comps Apr 26, 2023
5b8aef6
remove wrong temporary password disablement in pci-dss RHEL kickstarts
comps Apr 27, 2023
715e8f7
add required partitions to CIS server/workstation l1 RHEL kickstarts
comps Apr 27, 2023
ee32f2c
unify logvol naming in RHEL kickstarts
comps Apr 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 16 additions & 20 deletions products/rhel7/kickstart/ssg-rhel7-anssi_nt28_enhanced-ks.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ install
lang en_US.UTF-8

# Set system keyboard type / layout (required)
keyboard us
keyboard --vckeymap us

# Configure network information for target system and activate network devices in the installer environment (optional)
# --onboot enable device at a boot time
Expand Down Expand Up @@ -78,9 +78,9 @@ timezone --utc America/New_York

# Specify how the bootloader should be installed (required)
# Plaintext password is: password
# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
# encrypted password form for different plaintext password
bootloader --location=mbr --append="audit=1 audit_backlog_limig=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
bootloader --append="audit=1 audit_backlog_limig=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted

# Initialize (format) all disks (optional)
zerombr
Expand All @@ -98,29 +98,29 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
part pv.01 --grow --size=1

# Create a Logical Volume Management (LVM) group (optional)
volgroup VolGroup --pesize=4096 pv.01
volgroup VolGroup pv.01

# Create particular logical volumes (optional)
logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=4216 --grow
logvol / --fstype=xfs --name=root --vgname=VolGroup --size=4216 --grow
# Ensure /usr Located On Separate Partition
logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev"
logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev"
# Ensure /opt Located On Separate Partition
logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
# Ensure /srv Located On Separate Partition
logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
# Ensure /home Located On Separate Partition
logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
# Ensure /tmp Located On Separate Partition
logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
# Ensure /var/tmp Located On Separate Partition
logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
# Ensure /var Located On Separate Partition
logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev"
logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev"
# Ensure /var/log Located On Separate Partition
logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev"
logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev"
# Ensure /var/log/audit Located On Separate Partition
logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev"
logvol swap --name=lv_swap --vgname=VolGroup --size=2016
logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev"
logvol swap --name=swap --vgname=VolGroup --size=2016

# Despite the ID referencing NT-28, the profile is aligned to BP-028
%addon org_fedora_oscap
Expand All @@ -130,11 +130,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016

# Packages selection (%packages section is required)
%packages

# Require @Base
@Base

%end # End of %packages section
%end

# Reboot after the installation is complete (optional)
# --eject attempt to eject CD or DVD media before rebooting
Expand Down
36 changes: 16 additions & 20 deletions products/rhel7/kickstart/ssg-rhel7-anssi_nt28_high-ks.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ install
lang en_US.UTF-8

# Set system keyboard type / layout (required)
keyboard us
keyboard --vckeymap us

# Configure network information for target system and activate network devices in the installer environment (optional)
# --onboot enable device at a boot time
Expand Down Expand Up @@ -82,9 +82,9 @@ timezone --utc America/New_York

# Specify how the bootloader should be installed (required)
# Plaintext password is: password
# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
# encrypted password form for different plaintext password
bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted

# Initialize (format) all disks (optional)
zerombr
Expand All @@ -102,29 +102,29 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
part pv.01 --grow --size=1

# Create a Logical Volume Management (LVM) group (optional)
volgroup VolGroup --pesize=4096 pv.01
volgroup VolGroup pv.01

# Create particular logical volumes (optional)
logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=4216 --grow
logvol / --fstype=xfs --name=root --vgname=VolGroup --size=4216 --grow
# Ensure /usr Located On Separate Partition
logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev"
logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev"
# Ensure /opt Located On Separate Partition
logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
# Ensure /srv Located On Separate Partition
logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
# Ensure /home Located On Separate Partition
logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
# Ensure /tmp Located On Separate Partition
logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
# Ensure /var/tmp Located On Separate Partition
logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
# Ensure /var Located On Separate Partition
logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev"
logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev"
# Ensure /var/log Located On Separate Partition
logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev"
logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev"
# Ensure /var/log/audit Located On Separate Partition
logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev"
logvol swap --name=lv_swap --vgname=VolGroup --size=2016
logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev"
logvol swap --name=swap --vgname=VolGroup --size=2016

# Despite the ID referencing NT-28, the profile is aligned to BP-028
%addon org_fedora_oscap
Expand All @@ -134,11 +134,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016

# Packages selection (%packages section is required)
%packages

# Require @Base
@Base

%end # End of %packages section
%end

# Reboot after the installation is complete (optional)
# --eject attempt to eject CD or DVD media before rebooting
Expand Down
36 changes: 16 additions & 20 deletions products/rhel7/kickstart/ssg-rhel7-anssi_nt28_intermediary-ks.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ install
lang en_US.UTF-8

# Set system keyboard type / layout (required)
keyboard us
keyboard --vckeymap us

# Configure network information for target system and activate network devices in the installer environment (optional)
# --onboot enable device at a boot time
Expand Down Expand Up @@ -78,9 +78,9 @@ timezone --utc America/New_York

# Specify how the bootloader should be installed (required)
# Plaintext password is: password
# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
# encrypted password form for different plaintext password
bootloader --location=mbr --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted

# Initialize (format) all disks (optional)
zerombr
Expand All @@ -98,29 +98,29 @@ part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
part pv.01 --grow --size=1

# Create a Logical Volume Management (LVM) group (optional)
volgroup VolGroup --pesize=4096 pv.01
volgroup VolGroup pv.01

# Create particular logical volumes (optional)
logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=4216 --grow
logvol / --fstype=xfs --name=root --vgname=VolGroup --size=4216 --grow
# Ensure /usr Located On Separate Partition
logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev"
logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=5000 --fsoptions="nodev"
# Ensure /opt Located On Separate Partition
logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
# Ensure /srv Located On Separate Partition
logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
# Ensure /home Located On Separate Partition
logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
# Ensure /tmp Located On Separate Partition
logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
# Ensure /var/tmp Located On Separate Partition
logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
# Ensure /var Located On Separate Partition
logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048 --fsoptions="nodev"
logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 --fsoptions="nodev"
# Ensure /var/log Located On Separate Partition
logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev"
logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev"
# Ensure /var/log/audit Located On Separate Partition
logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev"
logvol swap --name=lv_swap --vgname=VolGroup --size=2016
logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev"
logvol swap --name=swap --vgname=VolGroup --size=2016

# Despite the ID referencing NT-28, the profile is aligned to BP-028
%addon org_fedora_oscap
Expand All @@ -130,11 +130,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016

# Packages selection (%packages section is required)
%packages

# Require @Base
@Base

%end # End of %packages section
%end

# Reboot after the installation is complete (optional)
# --eject attempt to eject CD or DVD media before rebooting
Expand Down
12 changes: 4 additions & 8 deletions products/rhel7/kickstart/ssg-rhel7-anssi_nt28_minimal-ks.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ install
lang en_US.UTF-8

# Set system keyboard type / layout (required)
keyboard us
keyboard --vckeymap us

# Configure network information for target system and activate network devices in the installer environment (optional)
# --onboot enable device at a boot time
Expand All @@ -68,9 +68,9 @@ timezone --utc America/New_York

# Specify how the bootloader should be installed (required)
# Plaintext password is: password
# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
# encrypted password form for different plaintext password
bootloader --location=mbr
bootloader

# Initialize (format) all disks (optional)
zerombr
Expand All @@ -94,11 +94,7 @@ autopart

# Packages selection (%packages section is required)
%packages

# Require @Base
@Base

%end # End of %packages section
%end

# Reboot after the installation is complete (optional)
# --eject attempt to eject CD or DVD media before rebooting
Expand Down
32 changes: 14 additions & 18 deletions products/rhel7/kickstart/ssg-rhel7-cis-ks.cfg
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ install
lang en_US.UTF-8

# Set system keyboard type / layout (required)
keyboard us
keyboard --vckeymap us

# Configure network information for target system and activate network devices in the installer environment (optional)
# --onboot enable device at a boot time
Expand Down Expand Up @@ -81,9 +81,9 @@ timezone --utc America/New_York

# Specify how the bootloader should be installed (required)
# Plaintext password is: password
# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
# encrypted password form for different plaintext password
bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted

# Initialize (format) all disks (optional)
zerombr
Expand All @@ -101,25 +101,25 @@ part /boot --fstype=xfs --size=512
part pv.01 --grow --size=1

# Create a Logical Volume Management (LVM) group (optional)
volgroup VolGroup --pesize=4096 pv.01
volgroup VolGroup pv.01

# Create particular logical volumes (optional)
logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10752 --grow
logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10752 --grow
# Ensure /home Located On Separate Partition
logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
# Ensure /tmp Located On Separate Partition
logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
# Ensure /var/tmp Located On Separate Partition
logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
# Ensure /var Located On Separate Partition
logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=2048
logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048
# Ensure /var/log Located On Separate Partition
logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
# Ensure /var/log/audit Located On Separate Partition
logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
# Ensure /dev/shm Located on Separate Partition
logvol /dev/shm --name=LogVol8 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
logvol swap --name=lv_swap --vgname=VolGroup --size=2016
logvol /dev/shm --name=devshm --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
logvol swap --name=swap --vgname=VolGroup --size=2016



Expand All @@ -133,11 +133,7 @@ logvol swap --name=lv_swap --vgname=VolGroup --size=2016

# Packages selection (%packages section is required)
%packages

# Require @Base
@Base

%end # End of %packages section
%end

# Reboot after the installation is complete (optional)
# --eject attempt to eject CD or DVD media before rebooting
Expand Down
Loading