From 95119f5474d6d585b173fdffcb922d3b2a8c7ac9 Mon Sep 17 00:00:00 2001
From: "ferenc.argay" <ferenc.argay@nokia.com>
Date: Wed, 2 Oct 2019 14:49:22 +0200
Subject: [PATCH] REC-418 Disable NFS services

and remove nfs-utils post-install

Change-Id: I577378ec783546f2570d6f73cb6e27acca0264d8
---
 roles/ops-hardening/tasks/main.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/roles/ops-hardening/tasks/main.yaml b/roles/ops-hardening/tasks/main.yaml
index 71218a0..3381cea 100644
--- a/roles/ops-hardening/tasks/main.yaml
+++ b/roles/ops-hardening/tasks/main.yaml
@@ -116,6 +116,7 @@
     - cramfs
     - usb-storage
     - udf
+    - nfsd
 
 #
 # Disable interactive boot
@@ -344,6 +345,29 @@
     state: "mounted"
     fstype: "{{device_fstype.stdout}}"
 
+#
+# Disable NFS service
+#
+
+- name: disable NFS related services
+  service:
+    name: "{{ item }}"
+    enabled: no
+    state: stopped
+  ignore_errors: yes
+  with_items:
+    - nfslock
+    - rpcgssd
+    - rpcidmapd
+    - nfs-idmap
+    - nfs-server
+    - nfs
+
+- name: remove nfs-utils package
+  yum:
+    name: nfs-utils
+    state: absent
+
 #
 # Setting file permissions
 #
-- 
2.16.6