@HariPalleti HariPalleti commented Oct 14, 2025

Description:

To satisfy FedRAMP's requirements for container vulnerability, MAS must leverage Hardened Images.
The same remediation script is used for all the images. It is run as part of the Docker image build to remediate the problems.

The remediation script mainly changes the following:

  • Configure System Cryptographic Policies
  • Ensure gpgcheck enabled for local packages
  • Protect accounts by configuring PAM
  • Protect Accounts by Restricting Password-Based Login
  • Configure Multiple DNS Servers in /etc/resolv.conf
  • Ensure rootfiles tmpfile.d is Configured Correctly
  • Verify File Permissions Within Some Important Directories
  • Disable Core Dumps

The remediation script is generated from the evaluation of the STIG for Red Hat Enterprise Linux:
sudo oscap xccdf generate fix --fix-type bash --output $OSCAP_DIR/$image_name-remediation.sh --result-id xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_stig $OSCAP_DIR/$image_name-results.xml

The scan report that is uploaded to Artifactory is used for CI evidence.

Issue:

Tests:

I have deployed a MAS instance in a development cluster after hardening the images.
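As an added example (not the oscap-generated script from this PR), here is a hand-written equivalent of one of the listed fixes, "Disable Core Dumps", together with a check that can be run against the image filesystem during the build. The root-directory parameter and the drop-in file names under /etc are assumptions; the four settings are the ones the RHEL core-dump rules commonly check.

```shell
#!/bin/sh
# Hand-written example, not the generated remediation: disable core dumps
# in an image root. Paths are relative to $root so the functions can be
# exercised on a scratch directory (assumption: a Linux userland).

# Replace or append KEY=VALUE in an INI-style file; safe to re-run.
set_ini_key() {
    file="$1"; key="$2"; value="$3"
    if grep -qE "^#?${key}=" "$file"; then
        sed -E -i "s|^#?${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

disable_core_dumps() {
    root="${1:-/}"
    mkdir -p "$root/etc/security/limits.d" "$root/etc/sysctl.d" "$root/etc/systemd"
    # Hard core-size limit of 0 for every user (read by pam_limits).
    printf '*     hard   core    0\n' > "$root/etc/security/limits.d/50-core-dumps.conf"
    # Setuid programs must never dump core.
    printf 'fs.suid_dumpable = 0\n' > "$root/etc/sysctl.d/50-core-dumps.conf"
    # systemd-coredump: store nothing and collect no backtraces.
    conf="$root/etc/systemd/coredump.conf"
    grep -q '^\[Coredump\]' "$conf" 2>/dev/null || printf '[Coredump]\n' >> "$conf"
    set_ini_key "$conf" Storage none
    set_ini_key "$conf" ProcessSizeMax 0
}

# Build-time verifier: returns 0 only when all four settings are present,
# otherwise prints each missing item and returns 1.
check_core_dumps() {
    root="${1:-/}"; rc=0
    grep -qs '^\*[[:space:]]*hard[[:space:]]*core[[:space:]]*0$' "$root"/etc/security/limits.d/*.conf \
        || { echo "missing: hard core 0 limit"; rc=1; }
    grep -qs '^fs.suid_dumpable[[:space:]]*=[[:space:]]*0$' "$root"/etc/sysctl.d/*.conf \
        || { echo "missing: fs.suid_dumpable=0"; rc=1; }
    grep -qs '^Storage=none$' "$root/etc/systemd/coredump.conf" \
        || { echo "missing: Storage=none"; rc=1; }
    grep -qs '^ProcessSizeMax=0$' "$root/etc/systemd/coredump.conf" \
        || { echo "missing: ProcessSizeMax=0"; rc=1; }
    return $rc
}
```

In a Dockerfile the pair would be `RUN disable_core_dumps / && check_core_dumps /` so the build fails if the remediation did not take.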

@HariPalleti HariPalleti requested a review from a team as a code owner October 14, 2025 16:50
@terenceq terenceq merged commit f4ccdbb into stable Oct 17, 2025
5 checks passed
@terenceq terenceq deleted the harden branch October 17, 2025 16:44