Code Review / ta / infra-ansible.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
REC-418 Disable NFS services
[ta/infra-ansible.git] / roles / ops-hardening / tasks / main.yaml
diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 71218a0..3381cea 100644 (file)
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -116,6 +116,7 @@
     - cramfs
     - usb-storage
     - udf
+    - nfsd
 
 #
 # Disable interactive boot
@@ -344,6 +345,29 @@
     state: "mounted"
     fstype: "{{device_fstype.stdout}}"
 
+#
+# Disable NFS service
+#
+
+- name: disable NFS related services
+  service:
+    name: "{{ item }}"
+    enabled: no
+    state: stopped
+  ignore_errors: yes
+  with_items:
+    - nfslock
+    - rpcgssd
+    - rpcidmapd
+    - nfs-idmap
+    - nfs-server
+    - nfs
+
+- name: remove nfs-utils package
+  yum:
+    name: nfs-utils
+    state: absent
+
 #
 # Setting file permissions
 #
This repository contains all the generic deployment playbooks, which configure services running directly on the host. Includes playbooks for disk partitioning, Ceph configuration, hardening, security, SSH, operating system level user management etc.