시작 파일이 있습니다레드햇 6설치 패키지 섹션에서TCP 덤프tcpdump
패키지 이름으로 명령줄 유틸리티를 지정했습니다 .
킥스타트 패키지 설치 섹션에서 java
했던 것과 같습니다.g++
그러나 tcpdump
설치가 없고 로그에 패키지를 찾을 수 없음 오류가 없습니다. tcpdump
ISO 이미지의 패키지 폴더에 있는 것처럼 잘못된 이름을 사용해야 한다는 사실로 범위를 좁혔기 때문입니다.
kickstart를 사용하여 설치할 때 잘못된 패키지 이름을 사용하고 있는지 tcpdump
, 그렇지 않은 경우 왜 tcpdump
설치되지 않는지 아는 사람이 있습니까?
킥스타트 파일이 생성되는 방식입니다.상호작용 시작
이것은 시작 파일입니다
# Kickstart file automatically generated by anaconda.
#version=DEVEL
install
cdrom
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --noipv6 --hostname foo.com
network --onboot no --device eth1 --bootproto dhcp --noipv6 --hostname foo.com
rootpw --iscrypted $6$ctcMrYm9AEKlWfnA$kcRxAfrhWXsioG7fmNlDjApHfEfIRzOpF/26y5baUzO9Ui0lyDxq1mGmya/vgg8QWb2rrK2D/ZXvjaCgVqs/M/
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc America/New_York
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto audit=1 rhgb rhgb quiet quiet" --password=$6$5XAx7bX3TjSpfrAn$VifzJ4djGMgF0xlkAfh3drvI7SF/ZZy9cRbF01.jyu4XDv5Bk3tLirj4u.XpGolJiHx4ZFuoZesvtuJ/1j8lJ.
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work
#clearpart --all --drives=sda
#part /boot --fstype=ext4 --size=1024
#part pv.008002 --grow --size=200
#volgroup vg1 --pesize=4096 pv.008002
#logvol /var/log/audit --fstype=ext4 --name=lv_audit --vgname=vg1 --grow --size=512
#logvol /home --fstype=ext4 --name=lv_home --vgname=vg1 --grow --size=1024
#logvol /var/log --fstype=ext4 --name=lv_log --vgname=vg1 --grow --size=512
#logvol / --fstype=ext4 --name=lv_root --vgname=vg1 --grow --size=2048
#logvol /tmp --fstype=ext4 --name=lv_tmp --vgname=vg1 --grow --size=512
#logvol /var --fstype=ext4 --name=lv_var --vgname=vg1 --grow --size=512
%packages
@Base
@Core
@core
aide
bzip2
cryptsetup-luks
dos2unix
dracut-fips
fipscheck
gnupg2
krb5-libs
krb5-workstation
logwatch
ntp
openscap
openscap-utils
openssh-clients
openswan
pam_krb5
rsyslog
screen
scrub
tcpdump
tpm-tools
trousers
unix2dos
unzip
virt-what
vlock
which
xml-common
xz
yum-plugin-security
yum-utils
zip
-abrt*
%end
%pre
#!/bin/bash
# Create Configurations
/bin/touch /tmp/stig-fix
/bin/touch /tmp/stig-fix-packages
/bin/touch /tmp/stig-fix-post
/bin/touch /tmp/stig-fix-post-nochroot
# Launch XWindows and menu.py to configure system
/usr/bin/Xorg -br :0 &
/usr/bin/metacity --display :0 --sm-disable &
export DISPLAY=:0
/usr/bin/python /mnt/stage2/stig-fix/menu.py
unset DISPLAY
killall metacity
killall Xorg
%end
%post --nochroot
#!/bin/bash
# Create Directory
mkdir -p /mnt/sysimage/root/stig-fix
# Firefox DISA STIG Configuration
cp /mnt/source/stig-fix/dod_firefox_config.tar.gz /mnt/sysimage/root/stig-fix/
# Copy RPMs from Install media to root
cp /mnt/source/stig-fix/*rpm /mnt/sysimage/root/stig-fix/
# Classification Banner Configuration
cp /tmp/classification-banner /mnt/sysimage/etc/classification-banner
###############################################################################
# Custom Post-Installation Scripts (nochroot)
###############################################################################
%end
%post
#!/bin/bash
# Install Firefox DISA STIG Configuration
rm -rf /root/.mozilla
rm -rf /etc/skel/.mozilla
/bin/tar xvzf /root/stig-fix/dod_firefox_config.tar.gz -C /root/
/bin/tar xvzf /root/stig-fix/dod_firefox_config.tar.gz -C /etc/skel/
# Create Repository for Local Patching
cat << EOF > /etc/yum.repos.d/rhel-dvd.repo
[rhel-dvd]
name=Red Hat Enterprise Linux - DVD
baseurl=file:///media/
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
# Add Classification Banner (Graphical)
if [[ -d /etc/xdg/autostart/ ]]; then
cat << EOF > /etc/xdg/autostart/classification-banner.desktop
[Desktop Entry]
Name=Classification Banner
Exec=/usr/local/bin/classification-banner.py
Comment=User Notification for Security Level of System.
Type=Application
Encoding=UTF-8
Version=1.0
MimeType=application/python;
Categories=Utility;
X-GNOME-Autostart-enabled=true
StartupNotify=false
Terminal=false
EOF
fi
# Install Hardening Script
/usr/bin/yum localinstall -y /root/stig-fix/*rpm
# Remove nfs-utils to fix missing rpcbind package
/usr/bin/yum erase -y nfs-utils
# Clean Up
rm -rf /root/stig-fix
# Clean Yum
yum clean all &> /dev/null
###############################################################################
# Custom Post-Installation Scripts - Hardening script now called in menu.py
###############################################################################
/sbin/stig-fix -q &> /dev/null
# Use SCAP Security Guide to take a benchmark of the Installed System as a baseline
/usr/bin/oscap xccdf eval --profile stig-rhel6-server-upstream --results /root/`hostname`-ssg-results.xml --report /root/`hostname`-ssg-results.html --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
%end