Frequently asked questions
Is it possible to use the toolkit without an internet connection?
Yes, it is possible to use the hardening scripts on computers without an internet connection. You need to ensure two specific things:
- Configured package repository access (e.g. Red Hat Satellite)
- Manual installation of chef or puppet
To run the scripts via chef without an internet connection and without a chef server, do the following:
- Download the chef package for your operating system.
- Transfer the package and the cookbooks to your servers and start the run:
    echo "---> Install Chef"
    dpkg -i chef_11.12.8-2_amd64.deb
    echo "---> Start chef run in local mode"
    # runs chef client in local mode
    chef-client -z -o yourcookbook
More information about chef in local mode is available at getchef.com
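An integrity check for the transfer step above, as an added example that is not part of the toolkit or of this FAQ: the download host writes a checksum manifest, and the target refuses to install when a file differs or is not listed. The manifest name SHA256SUMS, the single bundle directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not toolkit code. Assumed bundle layout (hypothetical):
#   bundle/chef_11.12.8-2_amd64.deb   package named in the FAQ
#   bundle/cookbooks/...              the hardening cookbooks
#   bundle/SHA256SUMS                 manifest written on the download host
# A manifest that travels with the bundle only detects corruption; compare
# its own hash over a separate channel to detect deliberate changes.

# make_manifest DIR: run on the download host, one SHA-256 per file.
make_manifest() {
    ( cd "$1" &&
      find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS )
}

# verify_bundle DIR: run on the offline target before installing.
# Returns 0 = ok, 1 = checksum mismatch or missing file,
#         2 = no manifest, 3 = file present that the manifest does not list.
verify_bundle() {
    dir=$1
    [ -s "$dir/SHA256SUMS" ] || { echo "no manifest in $dir" >&2; return 2; }
    ( cd "$dir" && sha256sum -c SHA256SUMS >/dev/null 2>&1 ) ||
        { echo "checksum mismatch in $dir" >&2; return 1; }
    # sha256sum -c ignores extra files, so compare the two file lists too.
    listed=$(cd "$dir" && sed 's/^[0-9a-f]* [ *]//' SHA256SUMS | sort)
    present=$(cd "$dir" && find . -type f ! -name SHA256SUMS | sort)
    [ "$listed" = "$present" ] ||
        { echo "unlisted file in $dir" >&2; return 3; }
}

# install_and_run DIR: the FAQ's two commands, gated on the check.
install_and_run() {
    verify_bundle "$1" || return
    echo "---> Install Chef"
    dpkg -i "$1/chef_11.12.8-2_amd64.deb" || return
    echo "---> Start chef run in local mode"
    ( cd "$1" && chef-client -z -o yourcookbook )
}
```

Run make_manifest on the host that downloaded the files and install_and_run on the target after the transfer.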
How do I configure LDAP authentication with ssh-hardening?
use-pam: true. This enables PAM authentication via ssh. In addition, you need to configure PAM properly to work with LDAP. The configuration of PAM for LDAP is not covered by