ANSSI-BP-028 (enhanced)

Ansible Role for ANSSI-BP-028 (enhanced)

Profile Description:
This profile includes settings that follow the ANSSI-BP-028 v2.0 guidelines at a higher security level. ANSSI is the French National Information Security Agency (Agence nationale de la sécurité des systèmes d'information). ANSSI-BP-028 provides configuration recommendations for GNU/Linux systems. You can find the full ANSSI-BP-028 document on the ANSSI website:
ANSSI Security Recommendations for GNU/Linux Systems
An English version is also available here:
ANSSI Configuration Recommendations in English

The tasks in this role are created using OpenSCAP. You can learn more about how to generate Ansible playbooks with OpenSCAP at OpenSCAP GitHub.

If you want to report a fix or suggest improvements for an Ansible task that is not working or is missing in this role, please visit the ComplianceAsCode project at ComplianceAsCode GitHub.

Requirements

• Ansible version 2.9 or higher

Role Variables

To adjust the role to fit your needs, check the available variables.

Dependencies

N/A

Example Role Usage

To install the role, run:
ansible-galaxy install RedHatOfficial.rhel9_anssi_bp28_enhanced

Then, use this snippet in your playbook to apply the Ansible role:

- hosts: all
  roles:
     - { role: RedHatOfficial.rhel9_anssi_bp28_enhanced }

To verify the playbook (on your local machine), run:

ansible-playbook -i "localhost," -c local --check playbook.yml

To actually run it (note that this might change settings on your local machine!):

ansible-playbook -i "localhost," -c local playbook.yml

License

BSD-3-Clause

Author Information

This Ansible role for security has been created based on policies from the ComplianceAsCode project. For an updated list of authors and contributors, visit:
ComplianceAsCode Contributors