Skip to content

configure-network-devices #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: v2.0.0
Choose a base branch
from
Open

configure-network-devices #39

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions tasks/amazon_linux.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
- name: Amazon Linux 2 | Configure Service Clients
include_tasks: configure_network_devices_al2.yaml
64 changes: 64 additions & 0 deletions tasks/configure_network_devices.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
---
# Ensure wireless drivers are detected
- name: Find wireless drivers
ansible.builtin.shell: |
for driverdir in $(find /sys/class/net/*/ -type d -name wireless | xargs -r dirname); do
basename "$(readlink -f "$driverdir"/device/driver/module)"
done | sort -u
register: wireless_modules
changed_when: false
failed_when: false

# Display detected wireless modules
- name: Show detected wireless modules
ansible.builtin.debug:
msg: "Detected wireless modules: {{ wireless_modules.stdout_lines | join(', ') if wireless_modules.stdout_lines else 'None found' }}"

# Stop play if no wireless modules are found
- name: Stop play if no wireless modules found
ansible.builtin.meta: end_play
when: wireless_modules.stdout_lines | length == 0

# Ensure wireless modules are made unloadable
- name: Make wireless modules unloadable
ansible.builtin.lineinfile:
path: "/etc/modprobe.d/{{ item }}.conf"
line: "install {{ item }} /bin/false"
create: yes
mode: '0644'
loop: "{{ wireless_modules.stdout_lines }}"

# Ensure wireless modules are unloaded if currently loaded
- name: Unload wireless modules if currently loaded
ansible.builtin.command: "modprobe -r {{ item }}"
loop: "{{ wireless_modules.stdout_lines }}"
ignore_errors: true

# Ensure wireless modules are blacklisted
- name: Blacklist wireless modules
ansible.builtin.lineinfile:
path: "/etc/modprobe.d/{{ item }}.conf"
line: "blacklist {{ item }}"
create: yes
mode: '0644'
loop: "{{ wireless_modules.stdout_lines }}"

# Verify wireless modules are disabled
- name: Verify wireless modules are disabled
ansible.builtin.shell: |
lsmod | grep -E "{{ wireless_modules.stdout_lines | join('|') }}"
register: verify_wireless
failed_when: verify_wireless.rc == 0
changed_when: false
ignore_errors: true

# Display audit result for wireless module status
- name: Display audit result
ansible.builtin.debug:
msg: |
{% if verify_wireless.rc != 0 %}
PASS - Wireless modules are disabled.
{% else %}
FAIL - Some wireless modules still active: {{ verify_wireless.stdout }}
{% endif %}