ares · August 7, 2024 11:35 · Aug 7, 2024 · Aug 7, 2024 · Aug 7, 2024
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -26,6 +26,7 @@ bootloader --append="audit=1 audit_backlog_limit=8192"
 services --disabled=nftables,bluetooth,autofs,avahi-daemon,rpcbind,nfs-server,cups --enabled=systemd-journald,firewalld,crond,auditd
 ### SERVICES END
 
+### PACKAGES START (will need to ve appedended to our part
 # Packages selection (required for security compliance)
 %packages
 openscap-scanner
@@ -65,9 +66,12 @@ audit
 -net-snmp
 -xorg-x11-server-common
 %end
+### PACKAGES END
 
+### POST START (need to be inserted somewhere in our %post)
 # Perform OpenSCAP hardening (required for security compliance)
 %post --erroronfail
 oscap xccdf eval --remediate --results-arf /root/oscap_arf.xml --report /root/oscap_report.html --profile 'xccdf_org.ssgproject.content_profile_cis' /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
 [ $? -eq 0 -o $? -eq 2 ] || exit 1
-%end
+%end
+### POST END
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -1,3 +1,4 @@
+### PARTITION TABLE START
 # Create partition layout scheme (required for security compliance)
 zerombr
 clearpart --all --initlabel
@@ -12,12 +13,18 @@ logvol /var --name=var --vgname=system --size=3072
 logvol /var/log --name=varlog --vgname=system --size=1024
 logvol /var/log/audit --name=varlogaudit --vgname=system --size=10240
 logvol /var/tmp --name=vartmp --vgname=system --size=1024
+### PARTITION TABLE END
 
+### BOOTLOADER START (we need to parse append section from this and merge it with our defaults)
 # Configure boot loader options (required for security compliance)
 bootloader --append="audit=1 audit_backlog_limit=8192"
+### BOOTLOADER END
 
+### SERVICES START (our default list is different and is not customizable)
+### services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
 # Disable and enable systemd services (required for security compliance)
 services --disabled=nftables,bluetooth,autofs,avahi-daemon,rpcbind,nfs-server,cups --enabled=systemd-journald,firewalld,crond,auditd
+### SERVICES END
 
 # Packages selection (required for security compliance)
 %packages

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,66 @@
+# Create partition layout scheme (required for security compliance)
+zerombr
+clearpart --all --initlabel
+reqpart --add-boot
+part pv.01 --grow --size=1
+volgroup system pv.01
+logvol / --name=root --vgname=system --size=2000 --grow
+logvol swap --name=swap --vgname=system --size=1000
+logvol /home --name=home --vgname=system --size=1024
+logvol /tmp --name=tmp --vgname=system --size=1024
+logvol /var --name=var --vgname=system --size=3072
+logvol /var/log --name=varlog --vgname=system --size=1024
+logvol /var/log/audit --name=varlogaudit --vgname=system --size=10240
+logvol /var/tmp --name=vartmp --vgname=system --size=1024
+
+# Configure boot loader options (required for security compliance)
+bootloader --append="audit=1 audit_backlog_limit=8192"
+
+# Disable and enable systemd services (required for security compliance)
+services --disabled=nftables,bluetooth,autofs,avahi-daemon,rpcbind,nfs-server,cups --enabled=systemd-journald,firewalld,crond,auditd
+
+# Packages selection (required for security compliance)
+%packages
+openscap-scanner
+scap-security-guide
+aide
+sudo
+libpwquality
+systemd-journal-remote
+firewalld
+nftables
+libselinux
+audit-libs
+audit
+-gdm
+-mcstrans
+-setroubleshoot
+-dhcp-server
+-dnsmasq
+-bind
+-ftp
+-vsftpd
+-httpd
+-nginx
+-cyrus-imapd
+-dovecot
+-openldap-clients
+-rsync-daemon
+-xinetd
+-ypbind
+-ypserv
+-telnet-server
+-telnet
+-tftp-server
+-tftp
+-squid
+-samba
+-net-snmp
+-xorg-x11-server-common
+%end
+
+# Perform OpenSCAP hardening (required for security compliance)
+%post --erroronfail
+oscap xccdf eval --remediate --results-arf /root/oscap_arf.xml --report /root/oscap_report.html --profile 'xccdf_org.ssgproject.content_profile_cis' /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
+[ $? -eq 0 -o $? -eq 2 ] || exit 1
+%end
No results found