mirror of
https://github.com/ansible-lockdown/RHEL9-CIS.git
synced 2025-12-25 14:43:06 +00:00
28 lines
765 B
YAML
28 lines
765 B
YAML
---
|
|
|
|
- name: "1.1.9 | PATCH | Disable USB Storage"
|
|
block:
|
|
- name: "1.1.9 | PATCH | Disable USB Storage | Edit modprobe config"
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/modprobe.d/CIS.conf
|
|
regexp: "^(#)?install usb-storage(\\s|$)"
|
|
line: "install usb-storage /bin/true"
|
|
create: true
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
|
|
- name: "1.1.9 | PATCH | Disable USB Storage | Edit modprobe config"
|
|
ansible.builtin.modprobe:
|
|
name: usb-storage
|
|
state: absent
|
|
when:
|
|
- rhel9cis_rule_1_1_9
|
|
tags:
|
|
- level1-server
|
|
- level2-workstation
|
|
- automated
|
|
- patch
|
|
- mounts
|
|
- removable_storage
|
|
- rule_1.1.9
|