3.1.2 handler and control updated
Signed-off-by: Mark Bolwell <[email protected]>
uk-bolly committed Sep 21, 2023
1 parent 4070275 commit 65e7a3d
Showing 3 changed files with 26 additions and 14 deletions.
4 changes: 3 additions & 1 deletion ChangeLog.md
@@ -4,7 +4,9 @@

workflow update
linting updates
impoirt_tasks spilut with file
import_tasks spilut with file
rule 3.1.2 logic update
tidy up tags

## 1.3.1

3 changes: 3 additions & 0 deletions handlers/main.yml
@@ -20,6 +20,9 @@
name: exim4
state: restarted

- name: Disable wireless adaptor
ansible.builtin.shell: nmcli radio wifi off

- name: sysctl flush ipv4 route table
ansible.posix.sysctl:
name: net.ipv4.route.flush
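Review bot: The new `Disable wireless adaptor` handler does not need `ansible.builtin.shell`, since `nmcli radio wifi off` uses no pipes, redirects or expansion; `ansible.builtin.command: nmcli radio wifi off` avoids the extra shell and satisfies ansible-lint's `command-instead-of-shell` rule. The task in tasks/section_3/cis_3.1.x.yml that notifies this handler appears to still run the same command itself, so the handler looks redundant unless the inline command is dropped. If it is dropped, the radio stays enabled until handlers are flushed, so a run that fails earlier would leave wifi on even though the control was reported as changed.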
33 changes: 20 additions & 13 deletions tasks/section_3/cis_3.1.x.yml
@@ -19,27 +19,34 @@

- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled"
block:
- name: "3.1.2 | AUDIT | Ensure wireless interfaces are disabled | Check if nmcli command is available"
ansible.builtin.shell: dpkg -s network-manager
changed_when: false
failed_when: false
args:
warn: false
check_mode: false
register: ubtu18cis_nmcli_available

- name: "3.1.2 | AUDIT | Ensure wireless interfaces are disabled | Check if wifi is enabled"
- name: "3.1.2 | AUDIT | Ensure wireless interfaces are disabled | Check if wifi is enabled if wlan exists"
ansible.builtin.shell: nmcli radio wifi
register: ubtu18cis_wifi_enabled
check_mode: false
changed_when: ubtu18cis_wifi_enabled.stdout != "disabled"
when: ubtu18cis_nmcli_available.rc == 0
changed_when: ubtu18cis_wifi_enabled.stdout not in [ 'disabled', 'missing' ]
when: "'network-manager' in ansible_facts.packages"

- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Disable wifi if enabled"
ansible.builtin.shell: nmcli radio wifi off
when: ubtu18cis_wifi_enabled is changed # noqa: no-handler
notify: Disable wireless adaptor
when:
- ubtu18cis_wifi_enabled.stdout is defined
- "[ 'disabled', 'missing' ] not in ubtu18cis_wifi_enabled.stdout"

- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | Warning"
ansible.builtin.debug:
msg: "Warning!! network-manager package is not installed please check wireless connections manually"
when: "'network-manager' not in ansible_facts.packages"

- name: "3.1.2 | PATCH | Ensure wireless interfaces are disabled | warning count"
ansible.builtin.import_tasks:
file: warning_facts.yml
when: "'network-manager' not in ansible_facts.packages"
vars:
warn_control_id: '3.1.2'
when:
- ubtu18cis_rule_3_1_2
- "'wlan' in ansible_facts.interfaces"
tags:
- level1-server
- level2-workstation
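Review bot: The `when` on the "Disable wifi if enabled" task has its operands reversed: `[ 'disabled', 'missing' ] not in ubtu18cis_wifi_enabled.stdout` asks whether a list is contained in a string, which is likely to fail with a templating type error instead of evaluating, so it should mirror the `changed_when` above as `- "ubtu18cis_wifi_enabled.stdout not in ['disabled', 'missing']"`. The new block condition `'wlan' in ansible_facts.interfaces` is an exact membership test against a list of interface names, so a host whose adaptor is named `wlan0` or `wlp2s0` would skip the whole control and still look compliant; `- ansible_facts.interfaces | select('match', '^wl') | list | length > 0` matches by prefix instead. Both package conditions also rely on `ansible_facts.packages` having been gathered earlier, which is not visible in this hunk. The block's tag list appears to continue below the hunk.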
