Hi, Unfortunately, the "tailoring" feature is broken in Anaconda Addon.
However, there is a workaround, suggested by Watson Yuuma Sato (adding him to this conversation). Let me copy-paste his idea: There is a tool that can combine the tailoring to the datastream or XCCDF file. So it is possible to embed the tailoring into content file and get it through "content-url" field. Quick howto commands and instructions below: Grab the combine-tailoring tool $ git clone https://github.com/mpreisler/combine-tailoring.git cd combine-tailoring Combine tailoring and content ./combine-tailoring.py --output ssg-rhel7-ds-combined.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml ssg-rhel7-ds-standard-tailoring.xml Serve the file ssg-rhel7-ds-combined.xml in your network, and in the kickstart: - change content-type to datastream or xccdf - add field content-url and point to your new combined content - change profile to the id of your customized profile, please note that it must be the full id. For example: %addon org_fedora_oscap content-type = datastream content-url = http://192.168.0.2/content/ssg-rhel7-ds-combined.xml profile = xccdf_org.ssgproject.content_profile_standard_customized %end Hopefully it helps. Regards Jan Černý Security Technologies | Red Hat, Inc. ----- Original Message ----- > From: "MARK D CTR USAF AFMC 412 RANS ROSS/JT4" <[email protected]> > To: [email protected] > Sent: Thursday, October 4, 2018 2:02:51 AM > Subject: [Open-scap] question on addon_fedora_oscap > > HI > I hope this is the right place to ask this ? I am not finding much help with > the documents. My goal is to build virtual systems that is scapped and using > the kickstart Anaconda Addon to automate the scaping process. Everything is > working except for the "tailoring-path". I have created a tailoring.xml file > and I don't understand how to fetch the tailoring.xml file > > >From the DOCS > tailoring-path - Path of the tailoring file that should be used, given as a > relative path in the archive. > > So if the tailoring-path must be in an archive, does the content-type have to > be "archive" ? if so then what type of archive ? tar ? rpm ? > I am fetching everything over the network so what would be my best option ? > Can anyone direct me to an example of this ? > thanks > > %addon org_fedora_oscap > > content-type = datastream > > content-url = http://adaps-f1/scap/ssg-centos7-ds.xml > > datastream-id = > scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml > > xccdf-id = scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml > > profile = xccdf_org.ssgproject.content_profile_stig-rhel7-disa > > tailoring-path = http://adaps-f1/scap/ssg-centos7-ds-tailoring.xml > > %end > > > _______________________________________________ > Open-scap-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/open-scap-list > _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
