- OS Hardening
- CIS Linux Baseline Benchmark
- Vagrant Base Image
- Ansible Playbooks/Roles/Tasks
- https://pagure.io/fedora-kickstarts/tree/f32
- https://pagure.io/fedora-comps/blob/master/f/comps-f32.xml.in
- Packer
- Vagrant
- Pykickstart
- Ansible
- Inspec
- DevSec Hardening Framework
./scripts/install.sh
bin/packer build -timestamp-ui -force -var-file='packer/f36.pkrvars.hcl' -only='*.virtualbox-iso.*' packer
bin/packer build -timestamp-ui -force -only='*.qemu.*' packer
bin/vagrant provision
bin/vagrant up
ansible all -m ping
bin/vagrant ssh
bin/packer validate packer/template.pkr.hcl
ksvalidator --followincludes --version F32 kickstart/ks.cfg
NOTE: Work in progress
FIXME: Networking between containers and KVM.
docker-compose build --compress --pull --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg GID_LIBVIRT=$(getent group libvirt | cut -d':' -f3)
docker-compose run --rm -e PACKER_LOG=1 provisioner packer build -force packer/template.pkr.hcl
remote-viewer spice+unix://output/qemu/fedora32.spice
minicom -D unix\#output/qemu/fedora32.console
NOTE: WIP, might need to create a spice-server formula
The prebuilt QEMU binaries do not have support for the SPICE protocol.
-
brew install openssl@3 # brew link openssl, maybe
-
git clone --depth 1 --branch v0.15.0 https://gitlab.freedesktop.org/spice/spice.git
PKG_CONFIG_PATH="/usr/local/opt/openssl@3/lib/pkgconfig" \
  LDFLAGS="-L/usr/local/opt/openssl@3/lib" \
  CPPFLAGS="-I/usr/local/opt/openssl@3/include" \
  ./configure --disable-sasl --disable-tests \
    --prefix=/usr/local/opt/spice-server \
    --libdir=/usr/local/opt/spice-server/lib \
    --includedir=/usr/local/opt/spice-server/include
ln -sv /usr/local/opt/spice-server/lib/pkgconfig/spice-server.pc /usr/local/share/pkgconfig/spice-server.pc
ln -sv /usr/local/opt/spice-server/lib/pkgconfig/spice-server.pc /usr/local/opt/spice-protocol/share/pkgconfig # Hack for brew, until I make a formula
- Edit the brew formula for QEMU
brew edit qemu
  - In class Qemu < Formula:
    - Add depends_on "spice-protocol"
    - Under def install, add --enable-spice to the list for args
- Build QEMU
PKG_CONFIG_PATH="/usr/local/opt/spice-server/lib/pkgconfig" \
  LDFLAGS="-L/usr/local/opt/spice-server/lib" \
  CFLAGS="-I/usr/local/opt/spice-server/include/" \
  brew install --build-from-source --verbose qemu
-
brew install libvirt
PKG_CONFIG_PATH="/usr/local/opt/spice-protocol/share/pkgconfig/:/usr/local/opt/pixman/lib/pkgconfig/:/usr/local/opt/glib/lib/pkgconfig/:/usr/local/opt/spice-server/lib/pkgconfig:$PKG_CONFIG_PATH" \
  LDFLAGS="-L/usr/local/opt/spice-server/lib" \
  CPPFLAGS="-I/usr/local/opt/spice-server/include/" \
  LIBTOOL=glibtool \
  ./configure --prefix="${HOMEBREW_FORMULA_PREFIX}" \
    --disable-bsd-user --disable-guest-agent \
    --enable-curses --enable-libssh --enable-slirp=system \
    --enable-vde --enable-virtfs --enable-zstd \
    --extra-cflags=-DNCURSES_WIDECHAR=1 \
    --disable-sdl --enable-spice \
    --smbd="${HOMEBREW_PREFIX}/sbin/samba-dot-org-smbd" \
    --disable-gtk --enable-cocoa
- Inspec
- Push Vagrant images to Atlas
- Ansible lint
- Test Kitchen
- OSCAP/NIST
- Docker base image
- Ansible playbooks
- Gnome Desktop
Copyright 2020 digitalr00ts Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.