Merge pull request ComplianceAsCode#2533 from mpreisler/anssi_profile…

…_el7

Added "anssi" profile to the RHEL7 product

rhel7/guide.xslt

@@ -34,6 +34,10 @@
       <xsl:apply-templates select="document('profiles/stig-http-disa.xml')" />
       <xsl:apply-templates select="document('profiles/stig-ipa-server-upstream.xml')" />
       <xsl:apply-templates select="document('profiles/stig-satellite-upstream.xml')" />
+      <xsl:apply-templates select="document('profiles/anssi_nt28_minimal.xml')" />
+      <xsl:apply-templates select="document('profiles/anssi_nt28_intermediary.xml')" />
+      <xsl:apply-templates select="document('profiles/anssi_nt28_enhanced.xml')" />
+      <xsl:apply-templates select="document('profiles/anssi_nt28_high.xml')" />
 
 
       <!-- Adding 'conditional_clause' placeholder <xccdf:Value> here -->

rhel7/profiles/anssi_nt28_enhanced.xml

@@ -0,0 +1,5 @@
+<Profile id="anssi_nt28_enhanced" extends="anssi_nt28_intermediary">
+<title override="true">ANSSI DAT-NT28 (enhanced)</title>
+<description override="true">Draft profile for ANSSI compliance at the enhanced level. ANSSI stands for Agence nationale de la sécurité des systèmes d'information. Based on https://www.ssi.gouv.fr/.</description>
+
+</Profile>

rhel7/profiles/anssi_nt28_high.xml

@@ -0,0 +1,5 @@
+<Profile id="anssi_nt28_high" extends="anssi_nt28_enhanced">
+<title override="true">ANSSI DAT-NT28 (high)</title>
+<description override="true">Draft profile for ANSSI compliance at the high level. ANSSI stands for Agence nationale de la sécurité des systèmes d'information. Based on https://www.ssi.gouv.fr/.</description>
+
+</Profile>

rhel7/profiles/anssi_nt28_intermediary.xml

@@ -0,0 +1,28 @@
+<Profile id="anssi_nt28_intermediary" extends="anssi_nt28_minimal">
+<title override="true">ANSSI DAT-NT28 (intermediary)</title>
+<description override="true">Draft profile for ANSSI compliance at the intermediary level. ANSSI stands for Agence nationale de la sécurité des systèmes d'information. Based on https://www.ssi.gouv.fr/.</description>
+
+<!-- partitioning -->
+<select idref="partition_for_tmp" selected="true"/>
+<select idref="partition_for_var" selected="true"/>
+<select idref="partition_for_var_log" selected="true"/>
+<select idref="partition_for_var_log_audit" selected="true"/>
+<select idref="partition_for_home" selected="true"/>
+
+<!-- services -->
+<refine-value idref="sshd_idle_timeout_value" selector="5_minutes" />
+
+<!-- System Logging Requirements -->
+<select idref="rsyslog_files_ownership" selected="true" />
+<select idref="rsyslog_files_groupownership" selected="true" />
+<select idref="rsyslog_files_permissions" selected="true" />
+<select idref="rsyslog_remote_loghost" selected="false" />
+<select idref="ensure_logrotate_activated" selected="true" />
+
+<!-- critical files -->
+
+<!-- sysctl -->
+<select idref="sysctl_fs_suid_dumpable" selected="true" />
+<select idref="sysctl_kernel_randomize_va_space" selected="true" />
+
+</Profile>

rhel7/profiles/anssi_nt28_minimal.xml

@@ -0,0 +1,20 @@
+<Profile id="anssi_nt28_minimal">
+<title>ANSSI DAT-NT28 (minimal)</title>
+<description>Draft profile for ANSSI compliance at the minimal level. ANSSI stands for Agence nationale de la sécurité des systèmes d'information. Based on https://www.ssi.gouv.fr/.</description>
+
+<!-- partitioning -->
+<!-- system -->
+<select idref="sudo_remove_nopasswd" selected="true"/>
+<select idref="sudo_remove_no_authenticate" selected="true"/>
+
+
+<!-- services -->
+<select idref="package_rsyslog_installed" selected="true"/>
+<select idref="service_rsyslog_enabled" selected="true"/>
+
+<!-- critical files -->
+<select idref="file_permissions_etc_shadow" selected="true"/>
+<select idref="file_permissions_etc_gshadow" selected="true"/>
+<select idref="file_permissions_etc_passwd" selected="true"/>
+<select idref="file_permissions_etc_group" selected="true"/>
+</Profile>