Tutorial: Show advanced OSCAP Anaconda Add-On Usage

[iankko]

Similar like in case:
    [1] #54

we will use OSCAP Anaconda Add-On for this tutorial. But it will be a bit more enhanced.

First:

1. Create RPM content for the RHEL-7's RH CCP profile from scap-security-guide package (e.g. via scap-workbench),
2. Then create your own kickstart file, specifying:
   * RPM package should be used as input for the OSCAP Anaconda Add-On,
   * the RH-CCP profile should be used as the requirement for the installed system,
3. Apply that kickstart and that RPM to create a VM guest using OSCAP-Anaconda-Addon to install a RHEL-7.2 Beta system to be compliant against the RH CCP profile. Perform the installation, perform the oscap scan past the installation, and present the final HTML formatted report (it's possible not all rules will be passing in this case - but that isn't important for this particular use case).

Resources:

1. Diploma thesis of Vratislav Podzimek: http://is.muni.cz/th/324874/fi_m/thesis.pdf
2. Examples section of that diploma thesis (you would be probably interested in ks.cfg for kickstart sample): http://is.muni.cz/th/324874/fi_m/attachments.zip
3. OAA kickstart documentation (https://fedorahosted.org/oscap-anaconda-addon/wiki/KickstartDocumentation)
4. Should you need guidance how to create RPM from profile in scap-worbench, have a look at SCAP Workbench's manual

Expected tutorial output:

• describe the steps to create RPM for selected profile,
• describe steps how that RPM is imported into OSCAP Anaconda Addon (you would put it somewhere on the web, so it's reachable via OAA install),
• describe steps how to create a custom kickstart file for this RPM and this profile,
• create couple of screenshots during OAA system install, and one final screenshot of system scan against RH CCP profile.

[matejak]

This issue is well-described and valid as of 05/2018.