Centos 8 Installation - Security Policy


Post by jflanakin » 2020/05/11 05:20:35

Hi all! This is my first post and I've been struggling with this for several hours, so I apologise if it seems disorganized.

I'm an IT student and using CentOS as a way to study for RHCSA/CE and want to ensure that I understand the installation process and security policies fully. However, the installation documentation doesn't match the actual installation process.

From the Installation Summary window, click Security Policy. The Security Policy window opens.
To enable security policies on the system, toggle the Apply security policy switch to ON.
Select one of the profiles listed in the top pane.
Click Select profile.
Click Change content to use a custom profile. A separate window opens allowing you to enter a URL for valid security content.
Click Fetch to retrieve the URL.
Click Use SCAP Security Guide to return to the Security Policy window.
Click Done to apply the settings and return to the Installation Summary window.

[Attachment: asfd.jpg]

It doesn't matter what you put in the address box, everything is invalid content. Before you ask, network is fully configured. No difference between NAT and bridged modes in VirtualBox, and I can set network time and add additional repositories via a mirrorlist to the installation source just fine.

I'm unsure of how to implement this after the installation.

    ls /usr/share/xml/scap/ssg/content/

doesn't show any ssg-centos8 files. Trying to verify the security policy with

    oscap xccdf eval --profile ospp /usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml

just shows the following, with "not applicable" all the way down.

[Attachment: fdsa.jpg]

I've read in another post here, that "...as far as I am aware, the security profile is intentionally unsupported on CentOS." It's not explained at all in the documentation, at least as far as I've been able to find, and if it's unsupported then why is it part of the installation GUI?

You can find a Centos 8 profile (xccdf_org.ssgproject.content_profile_standard) with the following command line snippet for it: (and it's the same as the RHEL 8 profile)

    oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard \
    /usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml

So what's going on here?

    oscap -V

doesn't even show CentOS 8. Is this just some quirk of CentOS, or a slight difference between CentOS and RHEL, that an experienced person would know and a student wouldn't? I'm smashing my head on my desk here trying to figure this out because it works the exact same way in CentOS 7 installation (except you can actually configure the security policy). I'm just trying to make sure I understand what is going on so I can write down a note in my study guide and call it a day. There's absolutely nothing on this, aside from other people with the same unanswered question, on the internet and it's kind of ridiculous.
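
An added example, not part of the original post: a post-install check built from the commands quoted above. It picks the CentOS 8 datastream if the content directory has one (otherwise the RHEL 8 XCCDF file), runs the evaluation, and reports when every rule comes back notapplicable, which is the symptom described in the post. The function names and the CONTENT_DIR and PROFILE variables are assumptions of this example.

```shell
#!/bin/sh
# Added example. The paths and the profile id are the ones quoted in the post;
# function names and variables are hypothetical.
CONTENT_DIR=${CONTENT_DIR:-/usr/share/xml/scap/ssg/content}
PROFILE=${PROFILE:-xccdf_org.ssgproject.content_profile_standard}

# pick_content DIR: print the CentOS 8 datastream if it exists,
# otherwise the RHEL 8 XCCDF file; fail if neither is installed.
pick_content() {
    for f in "$1/ssg-centos8-ds.xml" "$1/ssg-rhel8-xccdf.xml"; do
        [ -f "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# summarize: read the text output of `oscap xccdf eval` on stdin and
# print one "result count" line per result value, sorted by name.
summarize() {
    awk '$1 == "Result" { n[$2]++ } END { for (r in n) print r, n[r] }' | sort
}

# verdict: read summarize output on stdin. In XCCDF, notapplicable means the
# rule did not apply to the target machine, so a scan where every rule is
# notapplicable has checked nothing and must not be read as a clean result.
verdict() {
    awk '{ total += $2; if ($1 == "notapplicable") na = $2 }
         END { if (total == 0) print "no-results"
               else if (na == total) print "all-notapplicable"
               else print "evaluated" }'
}

# Run the scan only where oscap and some SSG content are actually installed.
if command -v oscap >/dev/null 2>&1 && content=$(pick_content "$CONTENT_DIR"); then
    echo "content: $content"
    summary=$(oscap xccdf eval --profile "$PROFILE" "$content" | summarize)
    printf '%s\n' "$summary"
    printf '%s\n' "$summary" | verdict
fi
```

A verdict of all-notapplicable or no-results means the chosen content or profile did not evaluate anything on this host.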
