1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# platform = multi_platform_ol,multi_platform_rhel
# reboot = false
# strategy = configure
# complexity = low
# disruption = low
{{% set usbguard_config_path = "/etc/usbguard/rules.conf" %}}
- name: Generate USBGuard Policy
block:
- name: Gather the package facts
package_facts:
manager: auto
- name: Check that the {{{ usbguard_config_path }}} exists
stat:
path: "{{{ usbguard_config_path }}}"
register: policy_file
- name: Create USBGuard Policy configuration
command: usbguard generate-policy
register: policy
when: not policy_file.stat.exists or policy_file.stat.size == 0
- name: Copy the Generated Policy configuration to a persistent file
copy:
content: "{{ policy.stdout }}"
dest: "{{{ usbguard_config_path }}}"
mode: 0600
when: not policy_file.stat.exists or policy_file.stat.size == 0
- name: Add comment into {{{ usbguard_config_path }}} when system has no USB devices
lineinfile:
path: "{{{ usbguard_config_path }}}"
line: "# No USB devices found"
state: present
when: not policy_file.stat.exists or policy_file.stat.size == 0
- name: Enable service usbguard
service:
name: "usbguard"
enabled: "yes"
state: "started"
masked: "no"
when: '"usbguard" in ansible_facts.packages'
|
