ComplianceAsCode
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg‎
Lines changed: 4 additions & 3 deletions b/‎products/rhel8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg‎
Lines changed: 4 additions & 3 deletions b/‎products/rhel8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg‎
Lines changed: 4 additions & 3 deletions b/‎products/rhel8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-cis-ks.cfg‎
Lines changed: 7 additions & 6 deletions b/‎products/rhel8/kickstart/ssg-rhel8-cis-ks.cfg‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-cis_server_l1-ks.cfg‎
Lines changed: 7 additions & 6 deletions b/‎products/rhel8/kickstart/ssg-rhel8-cis_server_l1-ks.cfg‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-cis_workstation_l1-ks.cfg‎
Lines changed: 7 additions & 6 deletions b/‎products/rhel8/kickstart/ssg-rhel8-cis_workstation_l1-ks.cfg‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-cis_workstation_l2-ks.cfg‎
Lines changed: 7 additions & 6 deletions b/‎products/rhel8/kickstart/ssg-rhel8-cis_workstation_l2-ks.cfg‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-cui-ks.cfg‎
Lines changed: 4 additions & 3 deletions b/‎products/rhel8/kickstart/ssg-rhel8-cui-ks.cfg‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-ospp-ks.cfg‎
Lines changed: 4 additions & 3 deletions b/‎products/rhel8/kickstart/ssg-rhel8-ospp-ks.cfg‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎products/rhel8/kickstart/ssg-rhel8-pci-dss-ks.cfg‎
Lines changed: 3 additions & 2 deletions b/‎products/rhel8/kickstart/ssg-rhel8-pci-dss-ks.cfg‎
Lines changed: 3 additions & 2 deletions
@@ -85,9 +85,10 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part /boot --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
@@ -102,13 +103,13 @@ logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="no
 # Ensure /srv Located On Separate Partition
 logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log Located On Separate Partition
 logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
 
@@ -89,9 +89,10 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part /boot --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
@@ -106,13 +107,13 @@ logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="no
 # Ensure /srv Located On Separate Partition
 logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log Located On Separate Partition
 logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
 
@@ -86,9 +86,10 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part /boot --fstype=xfs --size=2048 --fsoptions="nodev,nosuid,noexec"
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
@@ -103,13 +104,13 @@ logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="no
 # Ensure /srv Located On Separate Partition
 logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log Located On Separate Partition
 logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
 
@@ -87,28 +87,29 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512
+part /boot --fstype=xfs --size=2048
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid"
 # Ensure /var/log Located On Separate Partition
-logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
-logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 
 
@@ -87,28 +87,29 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512
+part /boot --fstype=xfs --size=2048
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid"
 # Ensure /var/log Located On Separate Partition
-logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
-logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 
 
@@ -87,28 +87,29 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512
+part /boot --fstype=xfs --size=2048
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid"
 # Ensure /var/log Located On Separate Partition
-logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
-logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 
 
@@ -87,28 +87,29 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512
+part /boot --fstype=xfs --size=2048
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 # Ensure /var/tmp Located On Separate Partition
 logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev,nosuid"
 # Ensure /var/log Located On Separate Partition
-logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
+logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/log/audit Located On Separate Partition
-logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
+logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 
 
@@ -86,18 +86,19 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512
+part /boot --fstype=xfs --size=2048 --fsoptions="nodev,nosuid"
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/tmp Located On Separate Partition
 
@@ -86,18 +86,19 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512
+part /boot --fstype=xfs --size=2048 --fsoptions="nodev,nosuid"
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # Ensure /home Located On Separate Partition
-logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
 # Ensure /tmp Located On Separate Partition
 logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 # Ensure /var/tmp Located On Separate Partition
 
@@ -83,16 +83,17 @@ zerombr
 # --linux	erase all Linux partitions
 # --initlabel	initialize the disk label to the default based on the underlying architecture
 clearpart --linux --initlabel
+reqpart
 
 # Create primary system partitions (required for installs)
-part /boot --fstype=xfs --size=512
+part /boot --fstype=xfs --size=2048
 part pv.01 --grow --size=1
 
 # Create a Logical Volume Management (LVM) group (optional)
 volgroup VolGroup pv.01
 
 # Create particular logical volumes (optional)
-logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=5120 --grow
 # CCE-26557-9: Ensure /home Located On Separate Partition
 logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
 # CCE-26435-8: Ensure /tmp Located On Separate Partition