ANSSI-BP-028 (enhanced)

Ansible Role for ANSSI-BP-028 (enhanced)

Profile Description:
This profile provides settings that follow ANSSI-BP-028 version 2.0 at an enhanced security level.
ANSSI is the French National Information Security Agency (Agence nationale de la sécurité des systèmes d'information).
ANSSI-BP-028 offers configuration guidelines for GNU/Linux systems.
You can find a copy of ANSSI-BP-028 on the ANSSI website:
https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
An English version of ANSSI-BP-028 is also available on the ANSSI website:
https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system

The tasks in this role are created using OpenSCAP.
For more information on generating Ansible playbooks, visit OpenSCAP project.

If you have suggestions for fixing or improving an Ansible task in this role,
check the ComplianceAsCode project at ComplianceAsCode.

Requirements

• Ansible version 2.9 or newer.

Role Variables

To personalize the role, look at the list of variables.

Dependencies

None

Example Role Usage

To download and install the role, run:
ansible-galaxy install RedHatOfficial.rhel8_anssi_bp28_enhanced
Then, use the following playbook snippet to apply the Ansible role:

- hosts: all
  roles:
     - { role: RedHatOfficial.rhel8_anssi_bp28_enhanced }

Check the playbook on your local machine with this command:

ansible-playbook -i "localhost," -c local --check playbook.yml

To apply it (this could change settings on your local machine!):

ansible-playbook -i "localhost," -c local playbook.yml

License

BSD-3-Clause

Author Information

This Ansible remediation role is based on security policies from the ComplianceAsCode project. For a current list of authors and contributors, visit
Contributors.