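---
# Disable kernel modules for network protocols the host does not need.
# Two things have to happen for each module named in `protocols_to_disable`
# (defined in vars/main.yml):
#   1. persistently prevent it from being loaded at boot or on demand, and
#   2. unload it now if it is currently resident.
# The module names are templated into a modprobe command line and into
# regular expressions, so the list must come from a trusted source and hold
# plain module names only.
- name: Disable Unused Network Protocols
  hosts: all
  become: true
  gather_facts: true

  vars_files:
    - vars/main.yml

  tasks:
    - name: Ensure protocols are not loaded
      block:
        # `force: false` makes copy write the header only when the file does
        # not yet exist on the managed host. The previous
        # `when: not lookup('file', ...)` guard evaluated on the controller,
        # so it said nothing about the remote file.
        - name: Create blacklist configuration if not present
          copy:
            dest: /etc/modprobe.d/blacklist.conf
            content: "# Blacklist unused network protocols\n"
            owner: root
            group: root
            mode: '0644'
            force: false

        # `regexp` lets an existing line for the same module converge to the
        # managed one; `regex_escape` keeps the name from being read as a
        # pattern.
        - name: Add protocols to blacklist
          lineinfile:
            path: /etc/modprobe.d/blacklist.conf
            regexp: '^blacklist\s+{{ item | regex_escape }}\s*$'
            line: "blacklist {{ item }}"
            create: true
            state: present
          loop: "{{ protocols_to_disable }}"

        # `blacklist` only stops alias-based autoloading; an explicit
        # `modprobe <name>` or a dependency pull-in still loads the module.
        # An `install <name> /bin/true` stanza makes modprobe run a no-op
        # instead, which is what hardening baselines ask for.
        - name: Prevent explicit loading of the protocols
          lineinfile:
            path: /etc/modprobe.d/blacklist.conf
            regexp: '^install\s+{{ item | regex_escape }}\s'
            line: "install {{ item }} /bin/true"
            create: true
            state: present
          loop: "{{ protocols_to_disable }}"

    # lsmod is read once and its first column (the module name) is kept.
    # `shell` is required here because `command` does not run pipelines: the
    # earlier `command: lsmod | grep -wq ...` handed "|" and "grep" to lsmod
    # as arguments. Nothing user-controlled is interpolated into this line.
    - name: Read the list of currently loaded kernel modules
      shell: lsmod | awk '{print $1}'
      register: loaded_before
      changed_when: false
      check_mode: false

    # Only modules that are actually resident are unloaded, so the default
    # "changed" report is accurate and a non-zero exit from modprobe -r now
    # signals a real problem (e.g. module in use) instead of being hidden by
    # `ignore_errors`. `quote` keeps the argument as a single token.
    - name: Unload unused protocols if currently loaded
      command: modprobe -r {{ item | quote }}
      loop: "{{ protocols_to_disable }}"
      when: item in loaded_before.stdout_lines

    - name: Re-read loaded kernel modules after unloading
      shell: lsmod | awk '{print $1}'
      register: loaded_after
      changed_when: false
      check_mode: false

    # Fails the host if any listed module is still resident, naming the
    # offenders; otherwise reports success in the same message as before.
    - name: Verify protocols are not loaded
      assert:
        that:
          - protocols_to_disable | intersect(loaded_after.stdout_lines) | length == 0
        fail_msg: "{{ protocols_to_disable | intersect(loaded_after.stdout_lines) | join(', ') }} are still loaded."
        success_msg: "All unused protocols are successfully disabled."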

 
