mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-24 22:23:06 +00:00
Merge pull request #337 from polski-g/network_manager_package_name
Variablize network-manager package name
This commit is contained in:
uk-bolly
GitHub
commit
4b4033e072
2 changed files with 5 additions and 4 deletions
|
|
@ -724,6 +724,7 @@ rhel9cis_ipv6_required: true
|
||||||
## 3.1.2 wireless network requirements
|
## 3.1.2 wireless network requirements
|
||||||
# if wireless adapter found allow network manager to be installed
|
# if wireless adapter found allow network manager to be installed
|
||||||
rhel9cis_install_network_manager: false
|
rhel9cis_install_network_manager: false
|
||||||
|
rhel9cis_network_manager_package_name: NetworkManager
|
||||||
# 3.3 System network parameters (host only OR host and router)
|
# 3.3 System network parameters (host only OR host and router)
|
||||||
# This variable governs whether specific CIS rules
|
# This variable governs whether specific CIS rules
|
||||||
# concerned with acceptance and routing of packages are skipped.
|
# concerned with acceptance and routing of packages are skipped.
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,7 @@
|
||||||
warn_control_id: '3.1.2'
|
warn_control_id: '3.1.2'
|
||||||
block:
|
block:
|
||||||
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Check for network-manager tool"
|
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Check for network-manager tool"
|
||||||
when: "'network-manager' in ansible_facts.packages"
|
when: "rhel9cis_network_manager_package_name in ansible_facts.packages"
|
||||||
ansible.builtin.command: nmcli radio wifi
|
ansible.builtin.command: nmcli radio wifi
|
||||||
changed_when: false
|
changed_when: false
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
|
@ -48,19 +48,19 @@
|
||||||
|
|
||||||
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Disable wireless if network-manager installed"
|
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Disable wireless if network-manager installed"
|
||||||
when:
|
when:
|
||||||
- "'network-manager' in ansible_facts.packages"
|
- "rhel9cis_network_manager_package_name in ansible_facts.packages"
|
||||||
- "'enabled' in discovered_wifi_status.stdout"
|
- "'enabled' in discovered_wifi_status.stdout"
|
||||||
ansible.builtin.command: nmcli radio all off
|
ansible.builtin.command: nmcli radio all off
|
||||||
changed_when: discovered_nmcli_radio_off.rc == 0
|
changed_when: discovered_nmcli_radio_off.rc == 0
|
||||||
register: discovered_nmcli_radio_off
|
register: discovered_nmcli_radio_off
|
||||||
|
|
||||||
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Warn about wireless if network-manager not installed"
|
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Warn about wireless if network-manager not installed"
|
||||||
when: "'network-manager' not in ansible_facts.packages"
|
when: "rhel9cis_network_manager_package_name not in ansible_facts.packages"
|
||||||
ansible.builtin.debug:
|
ansible.builtin.debug:
|
||||||
msg: "Warning!! You need to disable wireless interfaces manually since network-manager is not installed"
|
msg: "Warning!! You need to disable wireless interfaces manually since network-manager is not installed"
|
||||||
|
|
||||||
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Set warning count"
|
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Set warning count"
|
||||||
when: "'network-manager' not in ansible_facts.packages"
|
when: "rhel9cis_network_manager_package_name not in ansible_facts.packages"
|
||||||
ansible.builtin.import_tasks:
|
ansible.builtin.import_tasks:
|
||||||
file: warning_facts.yml
|
file: warning_facts.yml
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue