To create a packer template that creates a Debian stable image that passes OpenSCAP validation.
There is no package for OpenSCAP on Debian stable, to side step this issue:
This will not work, since OpenSCAP is not yet staticly linkable. See OpenSCAP for USB Flash Drive - Issue #197
- Build a staticly linked oscap executable for Debian stable. This makes the resulting binary run on the target system without any dependecies.
- Copy the static oscap binary to the target system
- Use oscap-ssh from the host system into the target system
- Remove the static oscap binary from the target system
- Build a version of OpenSCAP for debian stable.
- Package this version so it is easy to transfer to the target, and purge after use.
- Copy the oscap filses to the target system
- Use oscap-ssh from the host system into the target system
- Remove the static oscap files from the target system.
gitfor cloning thisansiblefor running this- Debian
contribpackages for installingcmakeused during the SCAP security guide build.