RedHatOfficial.rhel9-ospp

Protection Profile for General Purpose Operating Systems

Ansible Role for Protection Profile for General Purpose Operating Systems

Profile Description:
This profile relates to the Red Hat Enterprise Linux 9 Common Criteria Guidance documentation. It is based on the Protection Profile for General Purpose Operating Systems (OSPP) version 4.3 and the Functional Package for SSH version 1.0. When necessary, specific values from CNSSI 1253 or the Department of Defense are used for configuration, according to the Configuration Annex to the OSPP.

The tasks in this role are created using OpenSCAP. For more information on how to create Ansible playbooks with OpenSCAP, visit OpenSCAP GitHub Page.

If you want to report a problem or suggest improvements for a failing or missing Ansible task in this role, check out the ComplianceAsCode project at ComplianceAsCode GitHub Page.

Requirements

• You need Ansible version 2.9 or higher.

Role Variables
To make this role fit your needs, look at the list of variables.

Dependencies
Not applicable.

Example Role Usage
To download and install the role, run:

ansible-galaxy install RedHatOfficial.rhel9_ospp

Then, to use the role in a playbook, you can use this snippet:

- hosts: all
  roles:
     - { role: RedHatOfficial.rhel9_ospp }

Next, check the playbook with the following command on your local machine:

ansible-playbook -i "localhost," -c local --check playbook.yml

To run it and apply the changes (note that this may alter your local machine's configuration!), use:

ansible-playbook -i "localhost," -c local playbook.yml

License
This role is licensed under the BSD-3-Clause.

Author Information
This Ansible remediation role is based on security policies created by the ComplianceAsCode project. For a current list of authors and contributors, visit Contributors Page.