From 9369bfb4b50ad261dc078013d1e21ca61a214589 Mon Sep 17 00:00:00 2001
From: KheOps
Date: Mon, 16 Mar 2015 13:53:36 +0100
Subject: [PATCH] Changed name of script that disable network offload on network cards to a generic name, as now it may be used to act on several network interfaces.
Signed-off-by: KheOps
---
 roles/common/handlers/main.yml | 2 +-
 roles/common/tasks/ids.yml | 4 ++--
 .../templates/disable-network-offload-cron.j2 | 2 +-
 .../templates/disable-network-offload.sh.j2 | 21 +++++++++++--------
 4 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml
index e4907c0..1e9a3a3 100644
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@@ -19,7 +19,7 @@
 command: rkhunter --propupd
 - name: disable network offloading
- command: /opt/disable-network-offload-{{ monitored_interface }}.sh
+ command: /opt/disable-network-offload.sh
 - name: update suricata ET rules
 command: oinkmaster -C /etc/oinkmaster/oinkmaster.conf -o /etc/snort/rules
diff --git a/roles/common/tasks/ids.yml b/roles/common/tasks/ids.yml
index c32a9ec..d5fbae6 100644
--- a/roles/common/tasks/ids.yml
+++ b/roles/common/tasks/ids.yml
@@ -23,13 +23,13 @@
 tags: base
 - name: Install script that disables network offloading (for Suricata to work properly)
- template: src=disable-network-offload.sh.j2 dest=/opt/disable-network-offload-{{ monitored_interface }}.sh owner=root group=root mode=0755
+ template: src=disable-network-offload.sh.j2 dest=/opt/disable-network-offload.sh owner=root group=root mode=0755
 notify:
 - disable network offloading
 tags: base
 - name: Make sure network offloading disabling is executed at each reboot
- template: src=disable-network-offload-cron.j2 dest=/etc/cron.d/disable-network-offload-{{ monitored_interface }} owner=root group=root mode=0644
+ template: src=disable-network-offload-cron.j2 dest=/etc/cron.d/disable-network-offload owner=root group=root mode=0644
 tags: base
 - name: Install log rotation for Suricata log files
diff --git a/roles/common/templates/disable-network-offload-cron.j2 b/roles/common/templates/disable-network-offload-cron.j2
index 811b157..0baea73 100644
--- a/roles/common/templates/disable-network-offload-cron.j2
+++ b/roles/common/templates/disable-network-offload-cron.j2
@@ -1 +1 @@
-@reboot root /opt/disable-network-offload-{{ monitored_interface }}.sh
+@reboot root /opt/disable-network-offload.sh
diff --git a/roles/common/templates/disable-network-offload.sh.j2 b/roles/common/templates/disable-network-offload.sh.j2
index 1133180..08b8420 100644
--- a/roles/common/templates/disable-network-offload.sh.j2
+++ b/roles/common/templates/disable-network-offload.sh.j2
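Review bot: The two `dest=` renames in the `template:` lines leave the previously deployed per-interface files in place on hosts that were already provisioned, and nothing in this hunk removes them. The old `/etc/cron.d/disable-network-offload-<interface>` entry would presumably keep firing at reboot and run the old `/opt/disable-network-offload-<interface>.sh` as root next to the new generic script, so the role no longer manages every root-run cron job it installed. A cleanup task per old path, e.g. `file: path=/etc/cron.d/disable-network-offload-{{ item }} state=absent`, would close that gap. The interface names to clean up have to come from wherever `monitored_interface` was defined, which is outside this diff.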
@@ -1,11 +1,14 @@
 #!/bin/bash
-/sbin/ethtool -K {{ monitored_interface }} tso off
-/sbin/ethtool -K {{ monitored_interface }} gro off
-/sbin/ethtool -K {{ monitored_interface }} lro off
-/sbin/ethtool -K {{ monitored_interface }} gso off
-/sbin/ethtool -K {{ monitored_interface }} rx off
-/sbin/ethtool -K {{ monitored_interface }} tx off
-/sbin/ethtool -K {{ monitored_interface }} sg off
-/sbin/ethtool -K {{ monitored_interface }} rxvlan off
-/sbin/ethtool -K {{ monitored_interface }} txvlan off
+{% for ifcap in monitored_interfaces %}
+/sbin/ethtool -K {{ ifcap }} tso off
+/sbin/ethtool -K {{ ifcap }} gro off
+/sbin/ethtool -K {{ ifcap }} lro off
+/sbin/ethtool -K {{ ifcap }} gso off
+/sbin/ethtool -K {{ ifcap }} rx off
+/sbin/ethtool -K {{ ifcap }} tx off
+/sbin/ethtool -K {{ ifcap }} sg off
+/sbin/ethtool -K {{ ifcap }} rxvlan off
+/sbin/ethtool -K {{ ifcap }} txvlan off
+
+{% endfor %}
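Review bot: The new `{% for ifcap in monitored_interfaces %}` line assumes the variable is a list. If an inventory still carries a single string, as the old `monitored_interface` was, Jinja iterates over its characters and the rendered script calls ethtool on one-letter device names. A guard such as `{% for ifcap in ([monitored_interfaces] if monitored_interfaces is string else monitored_interfaces) %}` keeps both shapes working; the variable's definition is not part of this diff, so confirm its type there. Separately, the script's exit status is only that of the last ethtool call, so the handler reports success even when an offload stayed enabled on an earlier interface, which would leave Suricata inspecting coalesced traffic without any signal. Making each failure visible, e.g. `/sbin/ethtool -K {{ ifcap }} tso off || echo "tso off failed on {{ ifcap }}" >&2`, would let an operator notice.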