1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_almalinux,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
# reboot = true
# strategy = disable
# complexity = low
# disruption = medium
if LC_ALL=C grep -q -m 1 "^install {{{ KERNMODULE }}}" /etc/modprobe.d/{{{ KERNMODULE }}}.conf ; then
{{% if '#' in KERNMODULE %}}
{{{ raise("KERNMODULE (" + KERNMODULE + ") uses sed path separator (#) in " + rule_id) }}}
{{% endif %}}
sed -i 's#^install {{{ KERNMODULE }}}.*#install {{{ KERNMODULE }}} /bin/false#g' /etc/modprobe.d/{{{ KERNMODULE }}}.conf
else
echo -e "\n# Disable per security requirements" >> /etc/modprobe.d/{{{ KERNMODULE }}}.conf
echo "install {{{ KERNMODULE }}} /bin/false" >> /etc/modprobe.d/{{{ KERNMODULE }}}.conf
fi
{{% if 'ol' in product or 'rhel' in product or 'sle' in product or 'slmicro' in product or 'ubuntu' in product or 'debian' in product %}}
if ! LC_ALL=C grep -q -m 1 "^blacklist {{{ KERNMODULE }}}$" /etc/modprobe.d/{{{ KERNMODULE }}}.conf ; then
echo "blacklist {{{ KERNMODULE }}}" >> /etc/modprobe.d/{{{ KERNMODULE }}}.conf
fi
{{% endif %}}
|
