Ansible Role for Protection Profile for General Purpose Operating Systems
Profile Description:
This profile reflects mandatory configuration controls identified in the
NIAP Configuration Annex to the Protection Profile for General Purpose
Operating Systems (Protection Profile Version 4.2.1).
This configuration profile is consistent with CNSSI-1253, which requires
U.S. National Security Systems to adhere to certain configuration
parameters. Accordingly, this configuration profile is suitable for
use in U.S. National Security Systems.
The tasks that are used in this role are generated using OpenSCAP. See the OpenSCAP project for more details on Ansible playbook generation at https://github.com/OpenSCAP/openscap
To submit a fix or enhancement for an Ansible task that is failing or missing in this role, see the ComplianceAsCode project at https://github.com/ComplianceAsCode/content
- Ansible version 2.9 or higher
To customize the role to your liking, check out the list of variables.
N/A
Run ansible-galaxy install RedHatOfficial.rhel8_ospp to
download and install the role. Then, you can use the following playbook snippet to run the Ansible role:
- hosts: all
roles:
- { role: RedHatOfficial.rhel8_ospp }
Next, check the playbook using (on the localhost) the following example:
ansible-playbook -i "localhost," -c local --check playbook.yml
To deploy it, use (this may change configuration of your local machine!):
ansible-playbook -i "localhost," -c local playbook.yml
BSD-3-Clause
This Ansible remediation role has been generated from the body of security policies developed by the ComplianceAsCode project. Please see https://github.com/complianceascode/content/blob/master/Contributors.md for an updated list of authors and contributors.