Security Technical Implementation Guides (STIG)

STIG security hardening implements compliance with the Defense Information Systems Agency (DISA) guidelines described in the Security Technical Implementation Guides (STIGs) (https://csrc.nist.gov/glossary/term/security_technical_implementation_guide). Certain high-security clusters may require STIG compliance.

The ICE ClusterWare™ platform provides basic STIG support for kickstarted nodes. To enable it, add the following snippet to your kickstart *.ks file:

%addon org_fedora_oscap
    content-type = scap-security-guide
    profile = xccdf_org.ssgproject.content_profile_stig
%end

To configure a STIG head node:

  1. Add the snippet to your kickstart config file.

  2. Reboot the node using the *.ks file to enable STIG.

  3. Set the TMPDIR environment variable to /tmp before running the ClusterWare install script. For example:

    TMPDIR="/tmp" ./cw-install
    
  4. Install ICE ClusterWare on the STIG-enabled head node.
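
A pre-flight check for steps 1 and 2, as an added example that is not part of the ClusterWare documentation or tooling: the hypothetical helpers `ks_has_stig_addon` and `ks_add_stig_addon` confirm that a kickstart file carries the snippet above in a closed %addon section, and append it only when no org_fedora_oscap section exists yet. The sample kickstart content is constructed.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of ClusterWare.

# Return 0 only if FILE has a closed "%addon org_fedora_oscap" section
# that sets both the content-type and the STIG profile from the snippet.
ks_has_stig_addon() {
    awk '
        /^%addon[ \t]+org_fedora_oscap([ \t]|$)/ { in_addon = 1; ct = 0; pr = 0; next }
        in_addon && /^%end([ \t]|$)/ { if (ct && pr) found = 1; in_addon = 0; next }
        in_addon {
            line = $0
            sub(/#.*/, "", line)        # drop trailing comments
            gsub(/[ \t]/, "", line)     # ignore spacing around the equals sign
            if (line == "content-type=scap-security-guide") ct = 1
            if (line == "profile=xccdf_org.ssgproject.content_profile_stig") pr = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Append the snippet unless it is already there. Refuse (return 2) when a
# different org_fedora_oscap section exists, so the file never ends up
# with two org_fedora_oscap sections.
ks_add_stig_addon() {
    if ks_has_stig_addon "$1"; then
        return 0
    fi
    if grep -Eq '^%addon[[:space:]]+org_fedora_oscap' "$1"; then
        echo "$1: org_fedora_oscap section present but not the STIG snippet" >&2
        return 2
    fi
    cat >> "$1" <<'EOF'

%addon org_fedora_oscap
    content-type = scap-security-guide
    profile = xccdf_org.ssgproject.content_profile_stig
%end
EOF
}

# Demo on a constructed kickstart file.
demo_ks=$(mktemp)
printf '%s\n' 'text' 'rootpw --lock' '%packages' '@core' '%end' > "$demo_ks"
ks_add_stig_addon "$demo_ks" && ks_has_stig_addon "$demo_ks" \
    && echo "STIG addon present"
rm -f "$demo_ks"
```

An %addon section that is missing its %end, or that names a different profile, fails the check rather than passing silently.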

Tip

The ClusterWare software provides an example file /opt/scyld/clusterware/kickstarts/basic-stig.ks with the snippet appended for administrators who would like to kickstart infrastructure nodes or additional head nodes with that STIG applied at install time.