Skip to content

RedHatOfficial/ansible-role-rhel9-anssi_bp28_high

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ANSSI-BP-028 (high)

Ansible Role for ANSSI-BP-028 (high)

Profile Description:
This profile contains configurations that align to ANSSI-BP-028 v2.0 at the high hardening level.
ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
A copy of the ANSSI-BP-028 can be found at the ANSSI website:
https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system

The tasks that are used in this role are generated using OpenSCAP. See the OpenSCAP project for more details on Ansible playbook generation at https://github.com/OpenSCAP/openscap

To submit a fix or enhancement for an Ansible task that is failing or missing in this role, see the ComplianceAsCode project at https://github.com/ComplianceAsCode/content

Requirements

  • Ansible version 2.9 or higher

Role Variables

To customize the role to your liking, check out the list of variables.

Dependencies

N/A

Example Role Usage

Run ansible-galaxy install RedHatOfficial.rhel9_anssi_bp28_high to download and install the role. Then, you can use the following playbook snippet to run the Ansible role:

- hosts: all
  roles:
     - { role: RedHatOfficial.rhel9_anssi_bp28_high }

Next, check the playbook using (on the localhost) the following example:

ansible-playbook -i "localhost," -c local --check playbook.yml

To deploy it, use (this may change configuration of your local machine!):

ansible-playbook -i "localhost," -c local playbook.yml

License

BSD-3-Clause

Author Information

This Ansible remediation role has been generated from the body of security policies developed by the ComplianceAsCode project. Please see https://github.com/complianceascode/content/blob/master/Contributors.md for an updated list of authors and contributors.