ansible-lockdown/RHEL9-CIS
3
0
Fork 1
mirror of https://github.com/ansible-lockdown/RHEL9-CIS.git synced 2025-12-24 14:23:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Variablize network-manager package name

Browse source 
Signed-off-by: polski-g <polski_g@sent.at>
This commit is contained in:
polski_g 2025-05-08 10:52:21 -04:00 committed by polski-g
parent 9ee1498c98
commit 4e49532e20
No known key found for this signature in database
GPG key ID: C077F64D3FFD4D39
2 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
defaults/main.yml
View file

@ -724,6 +724,7 @@ rhel9cis_ipv6_required: true
## 3.1.2 wireless network requirements
# if wireless adapter found allow network manager to be installed
rhel9cis_install_network_manager: false
rhel9cis_network_manager_package_name: NetworkManager
# 3.3 System network parameters (host only OR host and router)
# This variable governs whether specific CIS rules
# concerned with acceptance and routing of packages are skipped.

8
tasks/section_3/cis_3.1.x.yml
View file

@ -39,7 +39,7 @@
warn_control_id: '3.1.2'
block:
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Check for network-manager tool"
when: "'network-manager' in ansible_facts.packages"
when: "rhel9cis_network_manager_package_name in ansible_facts.packages"
ansible.builtin.command: nmcli radio wifi
changed_when: false
failed_when: false
@ -48,19 +48,19 @@
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Disable wireless if network-manager installed"
when:
- "'network-manager' in ansible_facts.packages"
- "rhel9cis_network_manager_package_name in ansible_facts.packages"
- "'enabled' in discovered_wifi_status.stdout"
ansible.builtin.command: nmcli radio all off
changed_when: discovered_nmcli_radio_off.rc == 0
register: discovered_nmcli_radio_off
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Warn about wireless if network-manager not installed"
when: "'network-manager' not in ansible_facts.packages"
when: "rhel9cis_network_manager_package_name not in ansible_facts.packages"
ansible.builtin.debug:
msg: "Warning!! You need to disable wireless interfaces manually since network-manager is not installed"
- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Set warning count"
when: "'network-manager' not in ansible_facts.packages"
when: "rhel9cis_network_manager_package_name not in ansible_facts.packages"
ansible.builtin.import_tasks:
file: warning_facts.yml