So, one of the things that I am busy with is part of a lab that will be used at conferences and events around RHEL Image mode (bootc), on building compliance and hardening into the base image. Pretty neat stuff.

You can use OpenSCAP in the Containerfile, and harden the OS before it ever hits hardware. On the other side of it, you get an immutable OS that's configured to your compliance profile. Pretty cool.

But it's due tomorrow, which is what makes it stressful. :P

#redhat #rhel #bootc #linux #openscap #compliance

@gangrif While doing the same, I hit an issue where enabling FIPS resulted in a non-booting system, which seems to be triggered by using the blueprint method to do the hardening.

Can you share more info about your config?

@Mosibi I haven't tried it with FIPS, I'd have to check to see if there are known bugs there.

I am just using CIS Level 1 as a demo, using oscap-im to deploy it at bootc image build time.