RHEL7 quick start does not work well on RHEL 7 on AWS.

[gregelin]

GovReady install and scab-security-guide install seem to put in RHEL6 content.

[gregelin]

RHEL 7 64-bit (ami-12663b7a) on AWS EC-2 quick start

Red Hat Enterprise Linux 7.1 (HVM), SSD Volume Type - ami-12663b7a

Note: You will be logged in as ec2-user with sudo privileges b/c you are in AWS.

# Update nss to pre-emptively avoid problems with EPEL certificates (https://github.com/GovReady/govready/issues/64)
# Alternate if epel installed: sudo yum --disablerepo="epel" update nss -y
sudo yum clean all
sudo yum update nss -y

sudo yum install scap-security-guide -y

# Install govready using curl. govready will install OpenSCAP and SCAP-Security-Content
curl -Lk io.govready.org/install | sudo bash

# Note: GovReady will report OpenSCAP install failed b/c OpenSCAP already installed.

# Switch to root so scanner can run all tests properly
# It's OK. You are using a non-production vm, right?
sudo su - 

cd /home/ec2-user/

# Create a directory and cd into it
mkdir myfisma && cd myfisma

# Initialize the directory
govready init

# Update GovReadyfile using sed command (or update the CPE line manually using a text editor)
sed -i 's:rhel6:rhel7:' GovReadyfile

# Change profile
govready profile rht-ccp

# Run a scan
govready scan

# List results
ls -l scans

# View repoort from most recent scan
lynx scans/results.html

# Run fix script generated by most recent OpenSCAP scan
govready fix

# Scan again
govready scan

# Compare before and after scans. Compares rules with 'pass' results in most recent scan to results in second most recent scan.
govready compare

# Compare before and after scans to see if anything fails passed in second most recent scan.
govready compare fail

# Information and evaluation of individual rule (rule must be listed in results.xml file)
govready rule sshd_disable_root_login

# See available profiles (e.g., baselines)
govready profiles

# Run a scan for a different profile (e.g., baseline)
govready scan <profile>