X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=blobdiff_plain;f=roles%2Fops-hardening%2Ftasks%2Fmain.yaml;fp=roles%2Fops-hardening%2Ftasks%2Fmain.yaml;h=90a57a21789341db0a74f8b876ee19673a0959f0;hp=7aab1664d789723a8fda7578b100c26e75a0d17a;hb=3af9a356135ef1622e46dfafd215ebcea2db5bac;hpb=407c56bb4dab1eac542f37c5b0b25cb63133b2f0
diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 7aab166..90a57a2 100644
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -456,7 +456,7 @@ # # tighten USB permissions -# +# - name: Set USBGuard RestoreControllerDeviceState to false lineinfile: path: /etc/usbguard/usbguard-daemon.conf
@@ -490,9 +490,9 @@ - Name: Ban suspect USB devices blockinfile: - # this isn't the optimal way to do this, i know, but i don't + # this isn't the optimal way to do this, i know, but i don't # want to create a whole new template tree just to add this. - path: /etc/usbguard/rules.conf + path: /etc/usbguard/rules.conf create: yes owner: root group: root
@@ -509,9 +509,9 @@ # enabled: # xHCI controller/hub allow with-interface equals { 09:00:00 } - # mass media — sites may want to consider restricting + # mass media — sites may want to consider restricting # this to 08:06:50 to just get the virtual CDROM and ban - # other USB media + # other USB media allow with-interface equals { 08:*:* } # ethernet allow with-interface equals { 02:02:ff }