cvquesty / cis_hardening

Apache License 2.0
Write code to parse out what interfaces are wireless to disable them - Control 3.1.2 #21

Open cvquesty opened 2 years ago

cvquesty commented 2 years ago

Run the following script to disable any wireless interfaces:

#!/bin/bash

if command -v nmcli >/dev/null 2>&1 ; then
  # NetworkManager is present: switch off every radio it manages
  nmcli radio all off
else
  if [ -n "$(find /sys/class/net/*/ -type d -name wireless)" ]; then
    # Resolve each wireless interface to the name of its kernel module
    mname=$(for driverdir in $(find /sys/class/net/*/ -type d -name wireless | xargs -n1 dirname); do basename "$(readlink -f "$driverdir"/device/driver/module)";done | sort -u)
    for dm in $mname; do
      # Make modprobe run /bin/true instead of loading the module
      echo "install $dm /bin/true" >> /etc/modprobe.d/disable_wireless.conf
    done
  fi
fi

cvquesty commented 2 years ago

Helpful code to discover wireless interfaces that are on:

#!/bin/bash

if command -v nmcli >/dev/null 2>&1 ; then
  # Both the WIFI and WWAN columns must read "disabled"
  if nmcli radio all | grep -Eq '\s*\S+\s+disabled\s+\S+\s+disabled\b'; then
    echo "Wireless is not enabled"
  else
    nmcli radio all
  fi
elif [ -n "$(find /sys/class/net/*/ -type d -name wireless)" ]; then
  t=0
  # Resolve each wireless interface to the name of its kernel module
  mname=$(for driverdir in $(find /sys/class/net/*/ -type d -name wireless | xargs -n1 dirname); do basename "$(readlink -f "$driverdir"/device/driver/module)";done | sort -u)
  for dm in $mname; do
    # A module counts as disabled when a modprobe install rule points it at /bin/true or /bin/false
    if grep -Eq "^\s*install\s+$dm\s+/bin/(true|false)" /etc/modprobe.d/*.conf; then
      /bin/true
    else
      echo "$dm is not disabled"
      t=1
    fi
  done
  [ "$t" -eq 0 ] && echo "Wireless is not enabled"
else
  echo "Wireless is not enabled"
fi
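
An added example, not part of the issue thread or the cis_hardening project's code: a per-interface form of the sysfs check above that reports each wireless interface, the kernel module behind it, and whether a modprobe install rule blocks that module. The `SYSFS_NET` and `MODPROBE_DIR` overrides, the function names and the output format are assumptions made for this example.

```shell
#!/bin/bash
# Added example: per-interface report of wireless NICs and their module state.
# SYSFS_NET and MODPROBE_DIR are overridable (assumption) so the functions can
# be pointed at a constructed directory tree instead of the live system.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
MODPROBE_DIR="${MODPROBE_DIR:-/etc/modprobe.d}"

# Print "<iface> <module> <blocked|not-blocked>" for every wireless interface,
# or "<iface> - no-module" when the driver exposes no module link.
wireless_report() {
  local ifdir iface modlink module state
  for ifdir in "$SYSFS_NET"/*/; do
    # Only wireless interfaces carry a "wireless" subdirectory in sysfs.
    [ -d "${ifdir}wireless" ] || continue
    iface=$(basename "$ifdir")
    modlink="${ifdir}device/driver/module"
    if [ ! -e "$modlink" ]; then
      # Nothing for a modprobe rule to act on; report it for manual review.
      printf '%s %s %s\n' "$iface" "-" "no-module"
      continue
    fi
    # The link target's last path component is the kernel module name.
    module=$(basename "$(readlink -f "$modlink")")
    # -s keeps grep quiet when the directory holds no *.conf files.
    if grep -Eqs "^\s*install\s+${module}\s+/bin/(true|false)\b" "$MODPROBE_DIR"/*.conf; then
      state=blocked
    else
      state=not-blocked
    fi
    printf '%s %s %s\n' "$iface" "$module" "$state"
  done
}

# Succeeds only when every wireless interface maps to a blocked module.
wireless_compliant() {
  ! wireless_report | grep -Eq ' (not-blocked|no-module)$'
}
```

An install rule only affects later module loads, so a module that is already loaded stays loaded until it is removed or the host reboots.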