It security Week 12 OpenSCAP

Goal

To create a packer template that creates a Debian stable image that passes OpenSCAP validation.

There is no package for OpenSCAP on Debian stable, to side step this issue:

This will not work, since OpenSCAP is not yet staticly linkable. See OpenSCAP for USB Flash Drive - Issue #197

Build a staticly linked oscap executable for Debian stable. This makes the resulting binary run on the target system without any dependecies.
Copy the static oscap binary to the target system
Use oscap-ssh from the host system into the target system
Remove the static oscap binary from the target system

Build a version of OpenSCAP for debian stable.
Package this version so it is easy to transfer to the target, and purge after use.
Copy the oscap filses to the target system
Use oscap-ssh from the host system into the target system
Remove the static oscap files from the target system.

git for cloning this
ansible for running this
Debian contrib packages for installing cmake used during the SCAP security guide build.

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.gitignore		.gitignore
README.md		README.md
build_oscap-sec-guide.sh		build_oscap-sec-guide.sh
build_oscap.sh		build_oscap.sh
playbook.yml		playbook.yml