Merge pull request #11765 from vojtapolasek/update_ks_links

update links and unify documentation in kickstart files

products/rhel8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg

@@ -5,6 +5,8 @@
 # Based on:
 # https://pykickstart.readthedocs.io/en/latest/
 # http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+# For more information see the following documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
 
 # Specify installation method to use for installation
 # To use a different one comment out the 'url' one below, update
@@ -126,20 +128,8 @@ logvol swap --name=swap --vgname=VolGroup --size=2016
 #   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
 #   Values can be optionally enclosed in single quotes (') or double quotes (").
 #   
-#  The following keys are recognized by the add-on:
-#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
-#      - If the content-type is scap-security-guide, the add-on will use content provided by the
-#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
-#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
-#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
-#    xccdf-id - ID of the benchmark you want to use.
-#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
-#    profile - ID of the profile to be applied. Use default to apply the default profile.
-#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
-#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
-#
-#  The following is an example %addon org_fedora_oscap section which uses content from the
-#  scap-security-guide on the installation media: 
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
 %addon org_fedora_oscap
 	content-type = scap-security-guide
 	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced

products/rhel8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg

@@ -5,6 +5,8 @@
 # Based on:
 # https://pykickstart.readthedocs.io/en/latest/
 # http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+# For more information see the following documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
 
 # Specify installation method to use for installation
 # To use a different one comment out the 'url' one below, update
@@ -117,6 +119,7 @@ logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsopt
 logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
+
 # The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
 # content - security policies - on the installed system.This add-on has been enabled by default
 # since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
@@ -130,20 +133,8 @@ logvol swap --name=swap --vgname=VolGroup --size=2016
 #   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
 #   Values can be optionally enclosed in single quotes (') or double quotes (").
 #   
-#  The following keys are recognized by the add-on:
-#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
-#      - If the content-type is scap-security-guide, the add-on will use content provided by the
-#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
-#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
-#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
-#    xccdf-id - ID of the benchmark you want to use.
-#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
-#    profile - ID of the profile to be applied. Use default to apply the default profile.
-#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
-#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
-#
-#  The following is an example %addon org_fedora_oscap section which uses content from the
-#  scap-security-guide on the installation media: 
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
 %addon org_fedora_oscap
 	content-type = scap-security-guide
 	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_high

products/rhel8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg

@@ -5,6 +5,9 @@
 # Based on:
 # https://pykickstart.readthedocs.io/en/latest/
 # http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+# For more information see the following documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
+
 
 # Specify installation method to use for installation
 # To use a different one comment out the 'url' one below, update
@@ -126,20 +129,8 @@ logvol swap --name=swap --vgname=VolGroup --size=2016
 #   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
 #   Values can be optionally enclosed in single quotes (') or double quotes (").
 #   
-#  The following keys are recognized by the add-on:
-#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
-#      - If the content-type is scap-security-guide, the add-on will use content provided by the
-#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
-#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
-#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
-#    xccdf-id - ID of the benchmark you want to use.
-#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
-#    profile - ID of the profile to be applied. Use default to apply the default profile.
-#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
-#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
-#
-#  The following is an example %addon org_fedora_oscap section which uses content from the
-#  scap-security-guide on the installation media: 
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
 %addon org_fedora_oscap
 	content-type = scap-security-guide
 	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary

products/rhel8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg

@@ -5,6 +5,8 @@
 # Based on:
 # https://pykickstart.readthedocs.io/en/latest/
 # http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+# For more information see the following documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
 
 # Specify installation method to use for installation
 # To use a different one comment out the 'url' one below, update
@@ -90,20 +92,8 @@ autopart
 #   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
 #   Values can be optionally enclosed in single quotes (') or double quotes (").
 #   
-#  The following keys are recognized by the add-on:
-#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
-#      - If the content-type is scap-security-guide, the add-on will use content provided by the
-#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
-#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
-#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
-#    xccdf-id - ID of the benchmark you want to use.
-#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
-#    profile - ID of the profile to be applied. Use default to apply the default profile.
-#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
-#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
-#
-#  The following is an example %addon org_fedora_oscap section which uses content from the
-#  scap-security-guide on the installation media: 
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
 %addon org_fedora_oscap
 	content-type = scap-security-guide
 	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal

products/rhel8/kickstart/ssg-rhel8-cis-ks.cfg

@@ -4,7 +4,8 @@
 #
 # Based on:
 # https://pykickstart.readthedocs.io/en/latest/
-# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+# For more information see the following documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
 
 # Specify installation method to use for installation
 # To use a different one comment out the 'url' one below, update
@@ -111,9 +112,21 @@ logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=5
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 
-# Harden installation with CIS profile
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
 # For more details and configuration options see
-# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
 %addon org_fedora_oscap
         content-type = scap-security-guide
         profile = xccdf_org.ssgproject.content_profile_cis

products/rhel8/kickstart/ssg-rhel8-cis_server_l1-ks.cfg

@@ -4,7 +4,8 @@
 #
 # Based on:
 # https://pykickstart.readthedocs.io/en/latest/
-# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+# For more information see the following documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
 
 # Specify installation method to use for installation
 # To use a different one comment out the 'url' one below, update
@@ -111,9 +112,21 @@ logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=5
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 
-# Harden installation with CIS profile
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
 # For more details and configuration options see
-# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
 %addon org_fedora_oscap
         content-type = scap-security-guide
         profile = xccdf_org.ssgproject.content_profile_cis_server_l1

products/rhel8/kickstart/ssg-rhel8-cis_workstation_l1-ks.cfg

@@ -4,7 +4,8 @@
 #
 # Based on:
 # https://pykickstart.readthedocs.io/en/latest/
-# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+# For more information see the following documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
 
 # Specify installation method to use for installation
 # To use a different one comment out the 'url' one below, update
@@ -111,9 +112,21 @@ logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=5
 logvol swap --name=swap --vgname=VolGroup --size=2016
 
 
-# Harden installation with CIS profile
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
 # For more details and configuration options see
-# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
 %addon org_fedora_oscap
         content-type = scap-security-guide
         profile = xccdf_org.ssgproject.content_profile_cis_workstation_l1