Kickstart/RHEL66 Hardened

# Kickstart file automatically generated by anaconda.

# reference: https://github.com/rhinstaller/pykickstart/blob/master/docs/kickstart-docs.rst#user

#version=DEVEL
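install
# NOTE(review): the install tree is fetched over plain HTTP, so the installer
# has no transport-level assurance about what it downloads. Keep this on an
# isolated build network or serve the tree over HTTPS.
url --url http://192.168.33.1/rhel66/
lang en_US.UTF-8
keyboard us
text
network --onboot yes --device eth0 --bootproto dhcp --noipv6
# The two SHA-512 crypt hashes below travel with this file: anyone who can read
# the kickstart (web server, wiki, backup) can attack them offline. Generate
# fresh hashes per deployment and restrict who can fetch the file.
rootpw  --iscrypted $6$pMSgnNv1xyDCdArD$qBJ1C1eClDzD8UMYeuxiwLKwHJop/DbGjsosZf0uI9JzRW9BeHyCWgSaV4Bdu9V0/Xh9ZOsqe8vdyCLjesU7d.
# All options of a kickstart command must sit on one line; the original had
# --uid/--gid on a line of their own, which the parser reads as a separate
# (unknown) command.
# NOTE(review): --gid may not be accepted by the RHEL 6 kickstart parser;
# confirm with ksvalidator before relying on it.
user --name=david --groups=users --homedir=/home/david --password="$6$.WKNF3iw$mlr9PlulM.sLY4c2utdwJEyY.Iy4su/aEc.sUPmerBBTC.fyl5FvtNbKfFvV/U1rdZJyhlwhF0DZ1.5EAbM9M" --iscrypted --shell=/bin/bash --uid=500 --gid=100
# Only inbound SSH is opened in the host firewall.
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc America/New_York
# NOTE(review): no bootloader password is set here, so anyone with console
# access can edit the kernel command line at boot; hardening baselines usually
# ask for one.
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
reboot
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --none
# --all with no --drives list removes the partitions on every disk the
# installer can see; only boot this kickstart on machines meant to be wiped.
clearpart --initlabel --all
part / --fstype=ext4 --asprimary --size=6191
# /tmp is mounted nodev,noexec,nosuid so files dropped there cannot be executed
# directly, act as device nodes, or carry setuid bits.
part /tmp --fstype=ext4 --asprimary --size=500 --fsoptions=nodev,noexec,nosuid
# NOTE(review): 500 MiB for /var is tight once logs and package caches grow, and
# common hardening baselines also expect separate /home, /var/log and
# /var/log/audit filesystems. All four primary slots are used below, so that
# would need LVM or logical partitions.
part /var --fstype=ext4 --asprimary --size=500
part swap --grow --asprimary --size=200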

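# Minimal package set: --nobase skips the @base group, so only @core,
# @server-policy and the packages named below are installed.
%packages --nobase
@core
@server-policy
# File-integrity and compliance tooling. This section only installs the
# packages; the AIDE baseline database still has to be created after install
# (aide --init) before integrity checks mean anything.
aide
# Fixed typo: the original listed "bing-libs", which is not a package name and
# can stop an unattended install at a missing-package prompt.
bind-libs
bind-utils
openscap
openscap-utils
iptables
# NOTE(review): git, strace and tcpdump are convenient for administration but
# are also ready-made tooling for anyone who gains a shell; drop them if the
# host's role does not need them.
git
iproute
libedit
libpcap
lsof
mlocate
ntp
ntpdate
openssh-clients
strace
sysstat
tcpdump
# Firmware blobs for hardware this build does not target are removed to keep
# the installed footprint small.
-aic94xx-firmware
-atmel-firmware
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl1000-firmware
-iwl100-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-libertas-usb8388-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
%end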

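# Post-install script. Runs inside the installed system's chroot; output is
# kept in /var/log/post-install.log for later review.
%post --log=/var/log/post-install.log
mkdir -p /mnt/cdrom
updatedb

# Timestamp every shell history entry so command history is usable as an
# audit aid. /etc/profile only sources /etc/profile.d/*.sh, so the file needs
# the .sh suffix; the original name "bashrc" would never have been read.
printf '%s\n' "export HISTTIMEFORMAT='%F %T '" >> /etc/profile.d/bashrc.sh

# Enable ntpd at boot (the original argument was the typo "o" instead of "on").
/sbin/chkconfig --level 345 ntpd on
# NOTE(review): this starts ntpd inside the installer chroot only; it is the
# chkconfig line above that makes the service run after the reboot.
/sbin/service ntpd start

# Login banner. The quoted 'EOF' delimiter keeps the text literal (no variable
# or command expansion).
# NOTE(review): /etc/issue is shown on local consoles. sshd does not print it
# unless sshd_config sets a Banner directive, so remote logins will not see
# this text until that is configured.
cat > /etc/issue <<'EOF'
You are accessing a U.S. Government (USG) Information System (IS) that is
provided for USG-authorized use only. By using this IS (which includes any
device attached to this IS), you consent to the following conditions:

-The USG routinely intercepts and monitors communications on this IS for
purposes including, but not limited to, penetration testing, COMSEC monitoring,
network operations and defense, personnel misconduct (PM), law enforcement
(LE), and counterintelligence (CI) investigations.

-At any time, the USG may inspect and seize data stored on this IS.

-Communications using, or data stored on, this IS are not private, are subject
to routine monitoring, interception, and search, and may be disclosed or used
for any USG-authorized purpose.

-This IS includes security measures (e.g., authentication and access controls)
to protect USG interests -- not for your personal benefit or privacy.

-Notwithstanding the above, using this IS does not constitute consent to PM, LE
or CI investigative searching or monitoring of the content of privileged
communications, or work product, related to personal representation or services
by attorneys, psychotherapists, or clergy, and their assistants. Such
communications and work product are private and confidential. See User
Agreement for details.
EOF
%end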