Changeset 151

Timestamp:
01/04/08 09:39:47 (1 year ago)
Author:
slawrence
Message:

More descriptive kickstart comments and additions

Files:

  • trunk/RHEL5.1/kickstart/clip.ks

    r150 r151  
    1 ## Version .02  Feburary 2007 ## 
     1## Version .04  January 2008 ## 
    22# 
    33#  Date Created  : 2007-02-06 # 
     
    66#  - 2007-02-07:  Finished Mapping existing STIG scripts to DCID 6/3 
    77#                 Sections. [St. Laurent] 
    8 #  - 2007-12-xx:     Initiated updates to reflect DCID PL4 Requirements 
     8#  - 2007-12-xx:  Initiated updates to reflect DCID PL4 Requirements 
    99#                 [Tresys] 
     10#  - 2008-01-xx:  Added/updated STIG scripts. Finalized kickstart 
     11#                 procedures. [Tresys] 
    1012# 
    1113# 
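
Review bot: The changelog entries added at new lines 8 and 10 keep placeholder days (`2007-12-xx`, `2008-01-xx`) while the earlier entries carry full dates. Fill in the actual dates so the header history can be matched against the repository log.
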
     
    1315#  Profile Label: dcid-6-3-PL4-ks.1.0.txt 
    1416# 
    15 #Details: This KickStart file lists out DCID 6/3 Policy at the PL4 
     17# Details: This KickStart file lists out DCID 6/3 Policy at the PL4 
    1618#          Confidentiality level.  Security settings are applied and 
    1719#          mapped to each specific PL4 section in DCID 6/3. 
     
    2224#          requirements the same (correct way) every time. 
    2325# 
    24 #          An MD5 should be set on this file to ensure the degree of 
     26#          A SHA-1 should be created to ensure a degree of 
    2527#          resistance to unauthorized modification. 
    2628# 
    27 ## Version .02  Feburary 2007 ## 
     29## Version .02  February 2007 ## 
    2830## Version .03  December 2007 ## 
    29  
    30  
    31  
    32 #The "install" command tells the system to install a fresh system 
    33 #rather than upgrade an existing system.  You must specify the type 
    34 #of installation in the form of:  cdrom, harddrive, nfs, url (ftp 
    35 #http installation).  The "install" command and the installation 
    36 #method command must be on separate lines. Examples:  
    37 # url --url http://192.168.1.1/ty/h-113gLb 
     31## Version .04  January 2008 ## 
     32 
     33 
     34 
     35# The "install" command tells the system to install a fresh system 
     36# rather than upgrade an existing system.  You must specify the type 
     37# of installation in the form of:  cdrom, harddrive, nfs, url (ftp 
     38# http installation).  The "install" command and the installation 
     39# method command must be on separate lines. Examples:  
     40# url --url http://<server>/<dir> 
    3841#     --url ftp://<username>:<password>@<server>/<dir>    
    3942#           Passwd is in CLEAR with ftp!!!  Not to be used. 
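
Review bot: The integrity comment at new line 26 swaps MD5 for SHA-1 but still does not say where the digest is kept or who checks it. A hash stored beside the file can be recomputed by whoever modifies the file, so on its own it gives no resistance to unauthorized modification. Suggest stating that the digest is recorded out of band (or that the file is signed), naming the step that verifies it before the install runs, and considering SHA-256 rather than SHA-1 for a new baseline.
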
     
    4245install 
    4346 
    44 #Perform the kickstart install in Text Mode.  Kickstart files are 
    45 #performed in graphical mode by default. 
     47# Perform the kickstart install in Text Mode.  Installs are 
     48# performed in graphical mode by default. 
    4649text 
    4750 
    48  
    49 #Configure network information for the system.  The "network"  
    50 #option configures networking information for kickstart installations 
    51 #via a network as well as for the installed system.  DHCP uses a DHCP 
    52 #server to get the network configuration information. 
     51# Defaults to a CD based install - disable if using URL or someother media 
     52# Use the network option if installing from a remote installation tree. 
     53cdrom 
     54 
     55# Configure network information for the system.  The "network"  
     56# option configures networking information for installations from an 
     57# installation tree on a remote server via NFS, FTP, or HTTP. DHCP  
     58# uses a DHCP server to get the network configuration information. 
    5359#network --bootproto dhcp 
    5460 
    55 #This is for a SS install 
    56 #Also need to enable network statement if using URL 
    57 #url --url http://192.168.1.1/ty/h-113gLb  
    58  
    59 #Defaults to a CD based install - disable if using URL or someother media 
    60 cdrom 
    61  
    62 #The "lang" command sets the language to use during installation. 
     61# Perform a remote install.  
     62# The network option is required if performing a remote install 
     63#url --url http://<server>/<dir> 
     64#url --ftp ftp://<username>:<password>@<server>/<dir>  
     65 
     66 
     67# The "lang" command sets the language to use during installation. 
    6368lang en_US 
    6469 
    65 #The "langsupport" to install on the system.  The --default switch 
    66 #must be used if more than one language is specified. 
     70# The "langsupport" to install on the system.  The --default switch 
     71# must be used if more than one language is specified. 
    6772langsupport --default en_US en_US 
    6873 
    69 #The "keyboard" command is required to set the system keyboard type. 
    70 #The "mouse" command is required to configure the mouse for the 
     74# The "keyboard" command is required to set the system keyboard type. 
    7175keyboard us 
    72 mouse none 
    73  
     76 
     77# The "mouse" command is required to configure the mouse type.  
     78# Giving no options will attempt to automatically detect the mouse. 
     79mouse 
     80 
     81 
     82##### WARNING: THIS WILL ERASE YOUR SYSTEM ##### 
     83# A full backup should be performed before installation. 
    7484zerombr yes 
    7585clearpart --all 
    7686 
    7787 
    78 #PARTITION NOTES 
    79 #The following options are required under 'Disk Partition Information'  
    80 #section in ks.cfg file, for creating the Logical Volume Manager (LVM)  
    81 #partitions using kickstart. 
     88# PARTITION NOTES 
     89# The following options are required under 'Disk Partition Information'  
     90# section in ks.cfg file, for creating the Logical Volume Manager (LVM)  
     91# partitions using kickstart. 
    8292  
    8393   #Disk partitioning information 
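
Review bot: The commented example at new line 64, `#url --ftp ftp://<username>:<password>@<server>/<dir>`, disagrees with the header at new lines 40-42, which writes the FTP form as `--url ftp://...` and marks it "Not to be used" because the password travels in clear. Drop the FTP example or write it with `--url` and repeat the warning next to it. Separately, `mouse none` becomes a bare `mouse` (auto-detect) at new line 79, which is a behaviour change the commit message does not mention, and "someother" at new line 51 should read "some other".
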
     
    106116 
    107117 
    108  
    109  
     118# Specifies how the GRUB bootloader should be installed. 
     119# Set a password to prevent any non-stadard boot options. 
     120# The password should be changed after installation. 
    110121bootloader --location mbr --password Dodiis_Redhat4321 
     122 
     123# Set the root password. 
     124# This should be changed after installation. 
     125rootpw 123)(*qweASD 
     126 
     127# Set the authentication options for the system. 
     128# Similar to the authconfig command. 
     129auth --enablemd5 --enableshadow 
     130 
     131# Set the timezone 
    111132timezone --utc America/New_York 
    112 auth --enablemd5 --enableshadow 
    113 rootpw 123)(*qweASD 
    114  
    115 ############################################# 
    116 # Set selinux into enforcing when released, # 
    117 # while testing use permissive              # 
    118 ############################################# 
    119 #selinux --enforcing 
    120 selinux --permissive 
     133 
     134# Enable selinux 
     135selinux --enforcing 
     136 
     137# Enable the firewall  
    121138firewall --enabled --port=22:tcp --port=161:tcp --port=1002:tcp 
     139 
     140# Reboot after installation is complete 
    122141reboot 
    123 #xconfig --card "VESA driver (generic)" --videoram 8192 --hsync 31.5-37.9 --vsync 50-70 --resolution #1024x768 --depth 32 --startxonboot --defaultdesktop gnome 
    124  
    125  
    126  
    127 #Install Packages.  This is site specific. 
     142 
     143 
     144 
     145 
     146# Install Packages.  This is site specific. 
    128147%packages --resolvedeps 
    129148@base 
     
    131150aide 
    132151sysstat 
    133 #################################### 
    134 # Why are we removing setools? (JJ)# 
    135 #################################### 
    136 -setools 
    137 ################################## 
    138 # Why are we removing audit? (JJ)# 
    139 ################################## 
    140 #audit 
    141 ################################ 
    142 # Why are we removing PAM? (JJ)# 
    143 ################################ 
    144 #pam 
    145 #pam-devel 
    146 #python-devel 
    147 #subversion 
    148 #tcl           
    149 #tcl-devel 
    150 #tk 
    151 #tk-devel 
     152setools 
     153audit 
    152154##################################### 
    153155# Remove tcpdump per STIG gen003865 # 
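
Review bot: New lines 121 and 125 leave the GRUB password and the root password in clear text in a file that lives in version control and on the install media, and the added comments only ask for them to be changed after installation. Suggest committing hashed values instead (`rootpw --iscrypted <hash>` and `bootloader --md5pass=<hash>`) or a placeholder the builder must fill in, so that no working credential is stored in the repository. The same hunk also switches `selinux --permissive` to `--enforcing` and turns `-setools` and `#audit` into installed packages while deleting the "(JJ)" questions; the commit message should record those decisions. "non-stadard" at new line 119 should read "non-standard".
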
     
    256258%pre 
    257259 
    258 # %post --nochroot 
    259 # mkdir -p /mnt/sysimage/root/DoDIIS/errata 
    260 # mkdir /tmp/dodiis-iso 
    261 # mount /tmp/cdrom /tmp/dodiis-iso 
    262  
    263 # cp -fa /tmp/dodiis-iso/RedHat/post/* /mnt/sysimage/root/DoDIIS 
    264 # cp -fa /tmp/dodiis-iso/RedHat/errata/* /mnt/sysimage/root/DoDIIS/errata 
    265  
    266 %post --log=/root/post-install.log 
     260 
     261 
     262##### No changes should be made beyond this point ##### 
     263 
     264 
     265 
     266%post 
    267267# Log %post errors 
    268268########################################################################## 
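
Review bot: `%post --log=/root/post-install.log` is replaced by a bare `%post` at new line 266, yet the next line still reads `# Log %post errors`, so nothing in the visible lines captures the post-install output any more. Keep the `--log` option, or add the redirection the comment refers to; if the logging is set up further down in the script, say so in the comment.
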
     
    270270# configuraton of Red Hat according to DCID 6/3. 
    271271# 
    272 #Levels of Concern: 
    273 #Confidentiality PL4 
    274 #[ PL4 ] 
     272# Levels of Concern: 
     273# Confidentiality PL4 
     274# [ PL4 ] 
    275275########################################################################## 
    276276 
    277277 
    278 #The Red Hat provided GPG key Red Hat uses to sign all of our RPM packages 
     278# The Red Hat provided GPG key Red Hat uses to sign all of our RPM packages 
    279279rpm --import /usr/share/rhn/RPM-GPG-KEY 
    280280