From b3c2e7188728b67c01e419c4db2ea8702b4528df Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Thu, 5 Mar 2026 11:29:46 -0600 Subject: [PATCH] Adjust BSI and PCI DSS kickstarts --- products/rhel9/kickstart/ssg-rhel9-bsi-ks.cfg | 2 +- .../rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/products/rhel9/kickstart/ssg-rhel9-bsi-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-bsi-ks.cfg index 2989a47c9225..68a69d4d0d9c 100644 --- a/products/rhel9/kickstart/ssg-rhel9-bsi-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-bsi-ks.cfg @@ -115,7 +115,7 @@ logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="n logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" # Ensure /var Located On Separate Partition # partition_for_var -logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=2048 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=4096 # Ensure /var/log Located On Separate Partition # partition_for_var_log logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 diff --git a/products/rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg b/products/rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg index 55a0a069cac0..cbb5ce7e2dcb 100644 --- a/products/rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg +++ b/products/rhel9/kickstart/ssg-rhel9-pci-dss-ks.cfg @@ -78,7 +78,7 @@ zerombr # The following partition layout scheme assumes disk of size 20GB or larger # Modify size of partitions appropriately to reflect actual machine's hardware -# +# # Remove Linux partitions from the system prior to creating new ones (optional) # --linux erase all Linux partitions # --initlabel initialize the disk label to the default based on the underlying architecture 
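Review bot: In the ssg-rhel9-bsi-ks.cfg hunk, the resized `logvol /var` line still carries no `--fsoptions`, while the `/var/tmp` volume in the same hunk is mounted with `nodev,nosuid,noexec` and the PCI DSS kickstart in this patch mounts `/var` with `--fsoptions="nodev"`. If the BSI profile selects a nodev rule for /var (not visible from this hunk), consider `logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=4096 --fsoptions="nodev"` so the installed layout already matches the policy before any remediation runs. The `/var/log` context line below it has the same gap. A one-line comment giving the reason for the 4096 MiB figure would help the next person who tunes these sizes.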
@@ -93,32 +93,32 @@ part pv.01 --grow --size=1 volgroup VolGroup pv.01 # Create particular logical volumes (optional) -logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=1024 --grow # CCE-26557-9: Ensure /home Located On Separate Partition -logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev" # CCE-26435-8: Ensure /tmp Located On Separate Partition logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" # CCE-26639-5: Ensure /var Located On Separate Partition -logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=4096 --fsoptions="nodev" # CCE-26215-4: Ensure /var/log Located On Separate Partition -logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev" +logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=512 --fsoptions="nodev" # CCE-26436-6: Ensure /var/log/audit Located On Separate Partition logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev" logvol swap --name=swap --vgname=VolGroup --size=2016 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) # content - security policies - on the installed system.This add-on has been enabled by default -# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this +# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this # functionality will automatically be installed. However, by default, no policies are enforced, # meaning that no checks are performed during or after installation unless specifically configured. 
-# +# # Important # Applying a security policy is not necessary on all systems. This screen should only be used # when a specific policy is mandated by your organization rules or government regulations. # Unlike most other commands, this add-on does not accept regular options, but uses key-value # pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. # Values can be optionally enclosed in single quotes (') or double quotes ("). -# +# # For more details and configuration options see # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/performing_an_advanced_rhel_9_installation/index#addon-com_redhat_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program %addon com_redhat_oscap
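Review bot: `/var/log` is halved to 512 MiB and, like `/var/log/audit`, is a fixed-size volume. Only `/` has `--grow`, so on a larger disk all spare space goes to root while the log volumes stay at their minimum. For a PCI DSS profile, where log and audit-trail availability matters, a full log volume means lost events or, depending on auditd's disk-full settings (not visible here), a suspended or halted system. Consider keeping `--size=1024` for `/var/log`, or stating the intent above the logvol lines with something like `# Sizes are installation minimums; enlarge /var/log and /var/log/audit to fit your log retention needs`. The "assumes disk of size 20GB or larger" comment in the earlier hunk of this file may also need revisiting now that the fixed sizes have changed.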