I am trying to harden an existing Oracle Linux 8 OS with OpenSCAP CISv2 but there is no available bash scripts that can automate this compared to RHEL8.
In Oracle Linux 8 I was told to install OpenSCAP packages.
sudo dnf install openscap openscap-utils scap-security-guide
Once installed, a list of bash scripts will be available in "/usr/share/scap-security-guide/bash/" where users can run their choice of security policies.
Unfortunately for Oracle Linux 8, there isn't any available CIS security policy as compared to RHEL8.
I've also tried to extract the CIS bash script from RHEL 8 and have it executed on Oracle Linux 8 but most portions of it would not work due to missing packages or repo. There might be other errors that I've might missed out but moving forward I am uncertain if remediating this is the way to continue, due to the amount of changes that is required, in order for the bash script to run perfectly.
I've seen OpenSCAP documenting a CIS v2 on Oracle Linux 8 but I've yet to find something that can automate the installation of CIS security policy unlike RHEL 8.
Is there anyway to attain a bash script that would allow me to automate the installation of CIS security policy to existing Oracle Linux 8?
Any help will be much appreciated.
Thanks!
Related
I would like to know if Informatica can be used on Windows system ? If so what are the prerequisites?
Both the previous answers are wrong.
Windows 10 is supported for installing the client tools only.
For exact details which Windows server versions are supported, please log on (after initial sign-up if you haven't already done so) to the Informatica Network at https://network.informatica.com ; there's a section named Product Availability Matrices, here you find for each PowerCenter version the so-called Product Availability Matrix (PAM) indicating which Windows versions are supported for server installation and for client installation. You need both, and you can install both on the same Windows server system.
I won't go into this ugly ancient flame war here. Be it enough to say that some people managed to install the server part on Windows 10, but very few ever made it work reliably (in most cases the installation seems to work but doesn't, at latest after the next system restart). I wouldn't waste one single second trying to do so, it's not worth the time.
I wonder what guest OS are compatible to the invoke-VMScript cmdlet. The reason I'm asking: I plan to include VMWare in my (automated) test environment. What I read so far:
Windows Server 2008
Windows Server 2012
A Fedora-Version
I would like to know, what windows and linux guest you have experience with and (if appliable) what languages are invokeable. E.g. CMD at windows, or maybe Bash or Powershell at Linux.
According to the documentation powershell bat(cmd) and bash are all supported, I don't have a linux machine handy to confirm but based on this link it looks like you can run powershell on Linux VM's as long as .Net and Powershell have been installed and the machine has been rebooted since this install. Beyond that depending on the VM config you can use any of those methods to create and launch scripts that target just about any language by building them as strings inside of the script that is delivered, writing them to a temp file and then launching the correct interpreter and calling the newly created file. note that there seem to be a bunch of edge-cases here so you may want to review the requirements here
I'm trying to implement Ansible in our company.
I have 2 huge problems that may cause us to leave this product, but before we give up I thought maybe someone could help us.
Some overall information - We installed ansible 2.1 on RHEL 6.5. We tried to use Ansible Tower but we gave up because of the complexity (most of our use is for ad-hoc commands).
The first issue is managing Windows server 2003. When we want to manage windows servers, we need to run the pre-script, but it only works with PowerShell v.3 and above, while Windows server 2003 is not supporting PowerShell v.3 (it's almost impossible to install this version).
In our company (unfortunately) there still dozens of Windows server 2003 machines.
Is there a way to make Ansible being able to manage those servers?
The second issue is the timeout of the WinRM. When we running an ad-hoc command on windows servers, there are machines that Ansible succeed to make a WinRM connection, but its hang out waiting the command to run (for example, even simple "hostname" commands).
We reduced the ansible timeout, but it's still hang out, so we assuming that it succeed making the WinRM connection but hang after.
There ia a way to configure the time out of ALL the process of ansible per machine, or otherwise configure the WinRM to have timeout after the connection succeeded?
Thanks,
Afik
Basically, no- due to major shortcomings of Powershell 2 for things we need to do, and the incredibly low number of Server 2003 installs left out there, we made PS3 the minimum required version.
There's been a little bit of work done by community folks to make a PS2-friendly version of the WinRM connection plugin to at least get basic Ansible connectivity working there (so "raw" will work, and modules can be transferred/run), but pretty much all the existing modules rely on Powershell cmdlets that don't exist in PS2/S2003. So you'd be back to "raw" for everything, which isn't much more useful than Powershell remoting (other than being able to blast commands to multiple machines at a time). If you want to see that, it's at
https://github.com/elum/ansible and
https://github.com/elum/ansible-modules-core
but we're unlikely to accept this into the core product or support it in any way.
I am using Ansible for some infrastructure management problem for my project. I achieved this task using a Linux client like say to copy a bin file from Ansible server and install it on a client machine. This involves tasks in my playbooks using normal Linux commands like ssh, scp, ./bin etc.,
Now I want to achieve the same in a windows client. I couldn't find any good documentation to try it out. If anyone of you have tried using Ansible with Windows client then it would be great if you could share the procedures or prototype or any piece of information to start with and progress further on my problem.
There's no built-in Windows support for Ansible today. If you search the mailing list, you'll find some references to people having some minimal success with things like CygWin. You should probably check out the mailing list and stay tuned.
Starting in version 1.7, Ansible also contains support for managing Windows machines. This uses native powershell remoting, rather than SSH. See the Ansible documentation website for details on Windows support for Ansible.
Ansible Windows support (including Azure) has been extended a great deal in 2.2 which released in June. https://www.ansible.com/blog/ansible-2.1 For what it's worth, I've also released a course on Pluralsight for managing Windows targets with Ansible
You can use powershell remoting. But i'm using SSH with Cygwin installed in windows so that the same linux code will work smoothly in windows as well.
I have a program using odac(11.2) and oracle client 11.2. Now I want to deploy it to a box which is already installed a oracle 9i client.
Some existing programs is depend on it so I fear the new client will harm the existing program. Is this true? And how can I keep them all working properly?
Normally you install oracle products in a dedicates ORACLE_HOME in different directories (like /ora/app/oracle/product/9.2 and /ora/app/oracle/product/11.2). Then you set the $ORACLE_HOME and $PATH variables to that directory which will be working fine.
We use many different client versions from 8.1.6 to 11.2 on one machine. Every application has an own shell script setting up the correct environment prior to starting.