ANSSI-BP-028 (minimal)

Ansible Role for ANSSI-BP-028 (minimal)

Profile Description:
This profile includes settings that follow ANSSI-BP-028 version 2.0 at a basic security level.
ANSSI is France's National Information Security Agency (Agence nationale de la sécurité des systèmes d'information).
ANSSI-BP-028 provides guidance for configuring GNU/Linux systems.
You can find ANSSI-BP-028 on the ANSSI website:
https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
There is also an English version available at:
https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system

The tasks in this role are created using OpenSCAP.
For more information about generating Ansible playbooks, visit: https://github.com/OpenSCAP/openscap

If you want to suggest a fix or improvement for a failing or missing Ansible task in this role,
refer to the ComplianceAsCode project: https://github.com/ComplianceAsCode/content

Requirements

• You need Ansible version 2.9 or newer

Role Variables

To modify the role to fit your needs, check the list of variables.

Dependencies

None

Example Role Usage

To download and install the role, run:
ansible-galaxy install RedHatOfficial.rhel9_anssi_bp28_minimal

After that, you can use this playbook snippet to apply the Ansible role:

- hosts: all
  roles:
     - { role: RedHatOfficial.rhel9_anssi_bp28_minimal }

Next, to check the playbook on your local machine, use:

ansible-playbook -i "localhost," -c local --check playbook.yml

To actually run it (note: this could change your local machine's settings!):

ansible-playbook -i "localhost," -c local playbook.yml

License

BSD-3-Clause

Author Information

This Ansible role has been created based on security policies from the ComplianceAsCode project.
For an updated list of authors and contributors, visit:
https://github.com/complianceascode/content/blob/master/Contributors.md