This projet is managed by ANSSI. To find out more, you can visit the page (in French) dedicated to ANSSI’s open-source strategy. You can also click on the badges above to learn more about their meaning.
This project contains an Ansible role which provides, for example purposes only, a way of implementing some recommendations of French Cybersecurity Agency (ANSSI)'s Configuration recommendations of a GNU/Linux system.
This work constitutes a starting point for hardening a GNU/Linux system by configuring the kernel, user sessions, and more.
You need to have the following installed on your machine:
- Vagrant
- Ansible
To create the Vagrant machine, use the vagrant up command; this will also run the Ansible playbook inside the machine.
To connect to the Vagrant machine using the vagrant ssh command, make sure that the configuration in the inventory.ini file matches the output of the vagrant ssh-config
command (in particular the SSH connection port).
This program has not been tested in a production environment. It is essential that you understand how it works, adjust it to your particular environment, before running it.
ANSSI cannot be held liable for any loss or damage incurred by the use, direct or inderect, of this program. The user assumes full responsibility for the use of this program.
It is strongly advised that you:
- read carefully the Configuration recommendations of a GNU/Linux system in order to understand recommendations this program is, for example purposes only, based on;
- read carefully the code and comments;
- understand each command's consequences and side effects;
- test tasks by running them on an isolated testing environment;
- adjust tasks to your specific needs;
- perform backups before running potentially breaking changes on your system.
By using this program, you agree to these terms and conditions.
See SECURITY.md
See CONTRIBUTING.md
See LICENSE