Comments (9)
fcaviggia
commented on August 29, 2024
I'll check into this over the holidays.
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
Okay it looks like the SCAP Security Guide is removing X-windows - I will revert to the RHEL 7.5 version of SCAP Security Guide to see if that remediates the problem.
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
This was the rule removing Xwindows:
Rule ID | package_xorg-x11-server-common_removed
Result | pass
Time | 2018-12-28T10:14:17
Severity | medium
Identifiers and References | Identifiers: CCE-27218-7References: RHEL-07-040730, SV-86931r3_rule, 2.2.2, CCI-000366, AC-17(8).1(ii), SRG-OS-000480-GPOS-00227
Description | By removing the xorg-x11-server-common package, the system no longer has X Windows installed. If X Windows is not installed then the system cannot boot into graphical user mode. This prevents the system from being accidentally or maliciously booted into a graphical.target mode. To do so, run the following command: $ sudo yum groupremove "X Window System" $ sudo yum remove xorg-x11-server-common
Rationale | Unnecessary service packages must not be installed to decrease the attack surface of the system. X windows has a long history of security vulnerabilities and should not be installed unless approved and documented.
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
What people forget is the STIG is guidelines - each AO can decide if the risk of having Xwindows is okay for their program. I'm looking into a way to skip that particular remediation with SCAP - i may still have to roll back to the RHEL 7.5 SCAP Security Guide.
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
The FIPS 140-2 is a checkbox on install, so disable that if it isn't working for your hardware. The rest of the fixes are up - let me know if that works for you.
from ssg-el7-kickstart.
dahl777
commented on August 29, 2024
How do I get your new changes so I can test them?
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
Just pull the latest version and create a new DVD:
$ git clone https://github.com/redhatgov/ssg-el7-kickstart.git
$ cd ssg-el7-kickstart
$ sudo ./createiso.sh RHEL-7.6-dvd.iso
from ssg-el7-kickstart.
dahl777
commented on August 29, 2024
Where is the checkbox to turn off FIPS in the installer?
from ssg-el7-kickstart.
fcaviggia
commented on August 29, 2024
The FIPS kernel mode is an option with menu.py with the kickstart.
from ssg-el7-kickstart.
Related Issues (20)
- STIG profile ssg-rhel7-xccdf enforces repo_gpgcheck=1 but neither CDN nor Satellite6 provide signed metadata HOT 2
- type error with /usr/bin/python from DVD image HOT 1
- Refresh the HBox button labels? HOT 3
- No GUI menu driven install, all text based HOT 1
- Contribute Kickstart file to SSG repo HOT 3
- Change Licence (GPLv2 -> APL2.0) HOT 6
- Partitions in MB and not in % HOT 10
- command issue HOT 1
- Header & Footer label displays do not display correctly HOT 3
- LDap user can not login HOT 8
- Adding Packages HOT 1
- ssg-el8-kickstart HOT 15
- USBguard disables keyboard and mouse
- is there any change for RHEL 7.7 HOT 9
- How to execute script for CentOS 7 HOT 2
- Mouse and Keyboad HOT 4
- RHEL 7.8 HOT 5
- RHEL 7 LVM VG error with 4 Disks HOT 1
- Is there any upgrade plan for RHEL 9 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ssg-el7-kickstart.