Ansible Role for Australian Cyber Security Centre (ACSC) ISM Official
Profile Description:
This profile contains configuration checks for Red Hat Enterprise Linux 9
that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
with the applicability marking of OFFICIAL.
The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls
specific to an organisation's security posture and risk profile.
A copy of the ISM can be found at the ACSC website:
https://www.cyber.gov.au/ism
The tasks that are used in this role are generated using OpenSCAP. See the OpenSCAP project for more details on Ansible playbook generation at https://github.com/OpenSCAP/openscap
To submit a fix or enhancement for an Ansible task that is failing or missing in this role, see the ComplianceAsCode project at https://github.com/ComplianceAsCode/content
- Ansible version 2.9 or higher
To customize the role to your liking, check out the list of variables.
N/A
Run ansible-galaxy install RedHatOfficial.rhel9_ism_o to
download and install the role. Then, you can use the following playbook snippet to run the Ansible role:
- hosts: all
roles:
- { role: RedHatOfficial.rhel9_ism_o }
Next, check the playbook using (on the localhost) the following example:
ansible-playbook -i "localhost," -c local --check playbook.yml
To deploy it, use (this may change configuration of your local machine!):
ansible-playbook -i "localhost," -c local playbook.yml
BSD-3-Clause
This Ansible remediation role has been generated from the body of security policies developed by the ComplianceAsCode project. Please see https://github.com/complianceascode/content/blob/master/Contributors.md for an updated list of authors and contributors.