Kickstart/RHEL66 Hardened

From Federal Burro of Information
Revision as of 20:10, 23 January 2016 by David
# Kickstart file automatically generated by anaconda.
# reference: https://github.com/rhinstaller/pykickstart/blob/master/docs/kickstart-docs.rst#user
#version=DEVEL

install
url --url http://192.168.33.1/rhel66/
lang en_US.UTF-8
keyboard us
text
network --onboot yes --device eth0 --bootproto dhcp --noipv6
rootpw --iscrypted $6$pMSgnNv1xyDCdArD$qBJ1C1eClDzD8UMYeuxiwLKwHJop/DbGjsosZf0uI9JzRW9BeHyCWgSaV4Bdu9V0/Xh9ZOsqe8vdyCLjesU7d.
user --name=david --groups=users --homedir=/home/david --password="$6$.WKNF3iw$mlr9PlulM.sLY4c2utdwJEyY.Iy4su/aEc.sUPmerBBTC.fyl5FvtNbKfFvV/U1rdZJyhlwhF0DZ1.5EAbM9M" --iscrypted --shell=/bin/bash --uid=500 --gid=100
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc America/New_York
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
reboot

# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --none

clearpart --initlabel --all
part / --fstype=ext4 --asprimary --size=6191
part /tmp --fstype=ext4 --asprimary --size=500 --fsoptions=nodev,noexec,nosuid
part /var --fstype=ext4 --asprimary --size=500
part swap --grow --asprimary --size=200

%packages --nobase
@core
@server-policy
aide
bind-libs
bind-utils
openscap
openscap-utils
iptables
git
iproute
libedit
libpcap
lsof
mlocate
ntp
ntpdate
openssh-clients
strace
sysstat
tcpdump
-aic94xx-firmware
-atmel-firmware
-bfa-firmware
-ipw2100-firmware
-ipw2200-firmware
-ivtv-firmware
-iwl1000-firmware
-iwl100-firmware
-iwl3945-firmware
-iwl4965-firmware
-iwl5000-firmware
-iwl5150-firmware
-iwl6000-firmware
-iwl6000g2a-firmware
-iwl6050-firmware
-libertas-usb8388-firmware
-ql2100-firmware
-ql2200-firmware
-ql23xx-firmware
-ql2400-firmware
-ql2500-firmware
-rt61pci-firmware
-rt73usb-firmware
-xorg-x11-drv-ati-firmware
-zd1211-firmware
%end

%post --log=/var/log/post-install.log
mkdir /mnt/cdrom
# Build the locate database (mlocate)
updatedb
# Timestamp shell history entries. /etc/profile only sources
# /etc/profile.d/*.sh, so the file needs the .sh suffix to take effect.
echo "export HISTTIMEFORMAT='%F %T '" >> /etc/profile.d/bashrc.sh
# Enable and start time synchronisation
/sbin/chkconfig --level 345 ntpd on
/sbin/service ntpd start
# Install the pre-login consent banner
(
cat <<'EOF'
You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By using this IS (which includes any device attached to this IS), you consent to the following conditions:

-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.

-At any time, the USG may inspect and seize data stored on this IS.

-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.

-This IS includes security measures (e.g., authentication and access controls) to protect USG interests -- not for your personal benefit or privacy.

-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
EOF
) > /etc/issue
%end