2.3. Creating a USGCB-compliant Installation Image
/root/directory on the installed system.
- Package repository location - the
urlcommand. To use a package repository on an HTTP or FTP server, replace the default IP address with an address of a server containing a package repository. Replace this command with one of
harddriveto install from a NFS server, optical drive, or local hard drive, respectively.
- System language, keyboard layout, and time zone - the
- Root password - the
rootpwcommand. By default, the root password configured in this Kickstart is "server". Make sure to generate a new checksum and change it.
- Boot loader password - the
bootloader --password=command. The default password is "password". Make sure to generate a new checksum and change it.
- Network configuration - the
networkcommand. Automatic configuration using DHCP is enabled by default - adjust the settings if necessary.
- Package selection - modify the
%packagessection of the file to install packages and groups you need.
ImportantPackages git, aide and openscap-utils must always be installed. They are required for the Kickstart file and post installation OpenSCAP system evaluation to work.
- Disk partitioning layout - the
logvolcommands.The USGCB standard defines concrete requirements for a compliant system's disk layout, which means that the logical volumes defined in the default Kickstart file -
/var/log/audit- must always be created as separate partitions or logical volumes. Additionally, Red Hat Enterprise Linux requires you to create a
/bootphysical partition and volumes for
swap. These are all defined in the default Kickstart; you can add additional separate logical volumes or partitions, and you can change the sizes of the default ones.
NoteBy default, the
/var/log/auditvolume only takes up 512 MB of space. Due to the high number of calls being audited, it is highly recommended to increase its size to at least 1024 MB.