Skip to content

Quark Security's CLIP Build VM

Jump to bottom Edit New page
sshimko edited this page Apr 30, 2013 · 1 revision

Standing up a CLIP build environment can be a tedious task. Or so I've been told by five or ten anonymous people ;) Quark Security is pleased to announce the first release of a pre-configured CLIP build VM for CentOS 6.4.

To generate a CentOS-based CLIP image:

  1. Download the VM.

  2. Uncompress and boot the VM in VMware.

  3. Login to the VM. The initial credentials will be shown at boot. (Hint, user/pass is clipdev/neutronbass).

  4. Type "cd /home/clipdev/clip; make clip-rhel6-iso".

  5. Wait about 20 minutes. You will be prompted to enter you password a few times [sudo]. Spend the time playing Nerf wars or reading the OVAL spec or something similarly entertaining making sure to check back to provide your password again.

  6. That is it. You now have a CLIP ISO in /home/clipdev/clip*.iso.

  7. Enjoy!

A few details:

  • We also spent some time making it easier for those checking out the repo and standing up a build environment from scratch (Hi RHEL users!). The root of the repo contains a bootstrap.sh script. Running it will install some packages, ask you some questions, add RHN channels, and make coffee. My testing indicates that on most typical RHEL installs running this script is enough to get the environment all ready to roll CLIP images.

  • We have posted our work to get things running in 6.4 and some other fixes and enhancements to our new github repo. If the Tresys folks would like, I can push the patch set here. But we're finding github to be much better workflow and will continue to actively push our work there. The git tag for the code contained in the VM is "BuildVM_6.4_v1.0".

  • We are using github to track issues and enhancements so you can see what we're planning on tackling next. If anyone wants to help out just fork us on github and submit a pull request.

  • This is not to be treated as an official or otherwise final release of CLIP for RHEL 6.4. We're working towards that and hope others will contribute as well. Above all we really need to update SCAP Security Guide and that means Aqueduct, or that might mean dropping Aqueduct - time will tell.

[sudo]: It is running sudo. One option to avoid entering your password is to uncomment the line containing NOPASSWD in /etc/sudoers for the %wheel entry. We just couldn't in good conscience ship a VM that had that in there. If mobs come after us with pitchforks and torches we might change our minds.

Add a custom footer
Add a custom sidebar
Clone this wiki locally