Changed name of script that disable network offload on network cards …

…to a generic name, as now it may be used to act on several network interfaces. Signed-off-by: KheOps <kheops@ceops.eu>
equalitie · Mar 16, 2015 · 9369bfb · 9369bfb
1 parent 2660f6a
commit 9369bfb
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 13 deletions.
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
@@ -19,7 +19,7 @@
   command: rkhunter --propupd
 
 - name: disable network offloading
-  command: /opt/disable-network-offload-{{ monitored_interface }}.sh
+  command: /opt/disable-network-offload.sh
 
 - name: update suricata ET rules
   command: oinkmaster -C /etc/oinkmaster/oinkmaster.conf -o /etc/snort/rules

diff --git a/roles/common/tasks/ids.yml b/roles/common/tasks/ids.yml
@@ -23,13 +23,13 @@
   tags: base
 
 - name: Install script that disables network offloading (for Suricata to work properly)
-  template: src=disable-network-offload.sh.j2 dest=/opt/disable-network-offload-{{ monitored_interface }}.sh owner=root group=root mode=0755
+  template: src=disable-network-offload.sh.j2 dest=/opt/disable-network-offload.sh owner=root group=root mode=0755
   notify:
     - disable network offloading
   tags: base
 
 - name: Make sure network offloading disabling is executed at each reboot
-  template: src=disable-network-offload-cron.j2 dest=/etc/cron.d/disable-network-offload-{{ monitored_interface }} owner=root group=root mode=0644
+  template: src=disable-network-offload-cron.j2 dest=/etc/cron.d/disable-network-offload owner=root group=root mode=0644
   tags: base
 
 - name: Install log rotation for Suricata log files

diff --git a/roles/common/templates/disable-network-offload-cron.j2 b/roles/common/templates/disable-network-offload-cron.j2
@@ -1 +1 @@
-@reboot	root	/opt/disable-network-offload-{{ monitored_interface }}.sh
+@reboot	root	/opt/disable-network-offload.sh
diff --git a/roles/common/templates/disable-network-offload.sh.j2 b/roles/common/templates/disable-network-offload.sh.j2
@@ -1,11 +1,14 @@
 #!/bin/bash
 
-/sbin/ethtool -K {{ monitored_interface }} tso off
-/sbin/ethtool -K {{ monitored_interface }} gro off
-/sbin/ethtool -K {{ monitored_interface }} lro off
-/sbin/ethtool -K {{ monitored_interface }} gso off
-/sbin/ethtool -K {{ monitored_interface }} rx off
-/sbin/ethtool -K {{ monitored_interface }} tx off
-/sbin/ethtool -K {{ monitored_interface }} sg off
-/sbin/ethtool -K {{ monitored_interface }} rxvlan off
-/sbin/ethtool -K {{ monitored_interface }} txvlan off
+{% for ifcap in monitored_interfaces %}
+/sbin/ethtool -K {{ ifcap }} tso off
+/sbin/ethtool -K {{ ifcap }} gro off
+/sbin/ethtool -K {{ ifcap }} lro off
+/sbin/ethtool -K {{ ifcap }} gso off
+/sbin/ethtool -K {{ ifcap }} rx off
+/sbin/ethtool -K {{ ifcap }} tx off
+/sbin/ethtool -K {{ ifcap }} sg off
+/sbin/ethtool -K {{ ifcap }} rxvlan off
+/sbin/ethtool -K {{ ifcap }} txvlan off
+
+{% endfor %}