diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template
index 85ecf7a9407..e64ff1bc943 100644
--- a/shared/templates/kernel_module_disabled/ansible.template
+++ b/shared/templates/kernel_module_disabled/ansible.template
@@ -3,21 +3,13 @@
 # strategy = disable
 # complexity = low
 # disruption = medium
-{{% if product in ["sle12", "sle15"] %}}
-- name: Ensure kernel module '{{{ KERNMODULE }}}' is disabled
- lineinfile:
- create: yes
- dest: "/etc/modprobe.d/50-blacklist.conf"
- regexp: '^blacklist {{{ KERNMODULE }}}$'
- line: "blacklist {{{ KERNMODULE }}}"
-{{% else %}}
 - name: Ensure kernel module '{{{ KERNMODULE }}}' is disabled
 lineinfile:
 create: yes
 dest: "/etc/modprobe.d/{{{ KERNMODULE }}}.conf"
 regexp: 'install\s+{{{ KERNMODULE }}}'
 line: "install {{{ KERNMODULE }}} /bin/true"
-{{% if product in ["ol7", "ol8"] or 'rhel' in product %}}
+{{% if product in ["ol7", "ol8", "sle12", "sle15"] or 'rhel' in product %}}
 - name: Ensure kernel module '{{{ KERNMODULE }}}' is blacklisted
 lineinfile:
 create: yes
@@ -25,4 +17,3 @@
 regexp: '^blacklist {{{ KERNMODULE }}}$'
 line: "blacklist {{{ KERNMODULE }}}"
 {{% endif %}}
-{{% endif %}}
diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template
index e0eb1768551..8842dd6b68a 100644
--- a/shared/templates/kernel_module_disabled/bash.template
+++ b/shared/templates/kernel_module_disabled/bash.template
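Review bot: In ansible.template the widened guard `{{% if product in ["ol7", "ol8", "sle12", "sle15"] or 'rhel' in product %}}` still differs from the guard oval.template uses for the blacklist test, which also lists `rhcos4`; the same remediation list is repeated in bash.template. For a product that is in the check but not in the remediation, the rule would keep failing after remediation, so the lists should either agree or the difference should be explained in a template comment such as `{{# rhcos4 is checked for a blacklist entry but remediated elsewhere #}}` (whether that is the case is not visible here). Defining the list once as a shared Jinja variable would keep the three templates from drifting apart. The `dest` of the blacklist task falls between the two hunks and is not shown.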
@@ -3,12 +3,6 @@
 # strategy = disable
 # complexity = low
 # disruption = medium
-{{% if product in ["sle12", "sle15"] %}}
-if ! LC_ALL=C grep -q -m 1 "^blacklist {{{ KERNMODULE }}}$" /etc/modprobe.d/50-blacklist.conf ; then
- echo -e "\n# Disable per security requirements" >> /etc/modprobe.d/50-blacklist.conf
- echo "blacklist {{{ KERNMODULE }}}" >> /etc/modprobe.d/50-blacklist.conf
-fi
-{{% else %}}
 if LC_ALL=C grep -q -m 1 "^install {{{ KERNMODULE }}}" /etc/modprobe.d/{{{ KERNMODULE }}}.conf ; then
 {{% if '#' in KERNMODULE %}}
 {{{ raise("KERNMODULE (" + KERNMODULE + ") uses sed path separator (#) in " + rule_id) }}}
@@ -18,9 +12,8 @@ else
 echo -e "\n# Disable per security requirements" >> /etc/modprobe.d/{{{ KERNMODULE }}}.conf
 echo "install {{{ KERNMODULE }}} /bin/true" >> /etc/modprobe.d/{{{ KERNMODULE }}}.conf
 fi
-{{% if product in ["ol7", "ol8"] or 'rhel' in product %}}
+{{% if product in ["ol7", "ol8", "sle12", "sle15"] or 'rhel' in product %}}
 if ! LC_ALL=C grep -q -m 1 "^blacklist {{{ KERNMODULE }}}$" /etc/modprobe.d/{{{ KERNMODULE }}}.conf ; then
 echo "blacklist {{{ KERNMODULE }}}" >> /etc/modprobe.d/{{{ KERNMODULE }}}.conf
 fi
 {{% endif %}}
-{{% endif %}}
diff --git a/shared/templates/kernel_module_disabled/oval.template b/shared/templates/kernel_module_disabled/oval.template
index 4ee2725b0fa..b14d60b4a55 100644
--- a/shared/templates/kernel_module_disabled/oval.template
+++ b/shared/templates/kernel_module_disabled/oval.template
@@ -3,10 +3,7 @@ id="kernel_module_{{{ KERNMODULE }}}_disabled" version="1"> {{{ oval_metadata("The kernel module " + KERNMODULE + " should be disabled.") }}} - {{% if product in ["sle12", "sle15"] %}} - - {{% elif product in ["ol7", "ol8", "rhcos4"] or 'rhel' in product %}} + {{% if product in ["ol7", "ol8", "rhcos4", "sle12", "sle15"] or 'rhel' in product %}}
@@ -24,7 +21,6 @@ -{{% if product not in ["sle12", "sle15"] %}}
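Review bot: The guards in bash.template match one literal space (`"^install {{{ KERNMODULE }}}"` in the first hunk, `"^blacklist {{{ KERNMODULE }}}$"` in the second), while the Ansible task uses `install\s+` and the OVAL test uses `^blacklist\s+{{{ KERNMODULE }}}$`. An existing `install` line for the module that is separated by a tab or several spaces is therefore not recognised; the script appears to fall into the `else` branch and append a second `install` line, leaving the old command in the file, and this path is now taken on sle12/sle15 as well. Matching on whitespace classes and ending the module name with a delimiter would close that, e.g. `grep -q -m 1 -E "^install[[:space:]]+{{{ KERNMODULE }}}[[:space:]]"`. The `then` branch lies between the hunks and is not shown; its replacement step would need the same pattern.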
@@ -47,7 +43,6 @@ /usr/lib/modprobe.d /usr/lib/modules-load.d -{{% endif %}} {{% if product in ["ol7", "ol8", "rhcos4", "sle12", "sle15"] or 'rhel' in product %}} - {{% if product in ["sle12", "sle15"] %}} - /etc/modprobe.d/50-blacklist.conf - {{% else %}} ^.*\.conf$ - {{% endif %}} ^blacklist\s+{{{ KERNMODULE }}}$ 1