kubeasz/roles/os-harden/tasks/modprobe.yml

25 lines
625 B
YAML

---
- name: install modprobe to disable filesystems | os-10
package:
name: '{{modprobe_package}}'
state: 'present'
- name: check if efi is installed
stat:
path: "/sys/firmware/efi"
register: efi_installed
- name: remove vfat from fs-list if efi is used
set_fact:
os_unused_filesystems: "{{ os_unused_filesystems | difference('vfat') }}"
when: efi_installed.stat.isdir is defined and efi_installed.stat.isdir
- name: disable unused filesystems | os-10
template:
src: 'etc/modprobe.d/modprobe.j2'
dest: '/etc/modprobe.d/dev-sec.conf'
owner: 'root'
group: 'root'
mode: '0640'