From 03b90b70cec2710ef9d640fe4f3574fd7f5825f3 Mon Sep 17 00:00:00 2001
From: packetcat <packetcat@nullrouted.space>
Date: Wed, 28 Feb 2024 07:39:27 -0500
Subject: [PATCH] add disable-rpcbind role

---
 ubuntu/disable-rpcbind.yml                  | 7 +++++++
 ubuntu/roles/disable-rpcbind/tasks/main.yml | 9 +++++++++
 ubuntu/site.yml                             | 1 +
 3 files changed, 17 insertions(+)
 create mode 100644 ubuntu/disable-rpcbind.yml
 create mode 100644 ubuntu/roles/disable-rpcbind/tasks/main.yml

diff --git a/ubuntu/disable-rpcbind.yml b/ubuntu/disable-rpcbind.yml
new file mode 100644
index 0000000..f99b1ff
--- /dev/null
+++ b/ubuntu/disable-rpcbind.yml
@@ -0,0 +1,7 @@
+---
+- name: Disable rpcbind service
+  hosts: cloud
+  user: root
+
+  roles:
+    - disable-rpcbind
\ No newline at end of file
diff --git a/ubuntu/roles/disable-rpcbind/tasks/main.yml b/ubuntu/roles/disable-rpcbind/tasks/main.yml
new file mode 100644
index 0000000..419e3d4
--- /dev/null
+++ b/ubuntu/roles/disable-rpcbind/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+# This role disables the rpcbind service on hosts
+
+- name: Disable and mask the rpcbind service
+  systemd:
+    name: rpcbind
+    enabled: false
+    state: stopped
+    masked: true
diff --git a/ubuntu/site.yml b/ubuntu/site.yml
index 59ac057..1c6921c 100644
--- a/ubuntu/site.yml
+++ b/ubuntu/site.yml
@@ -9,3 +9,4 @@
     - turn-off-motd-news
     - apt-maintenance
     - ssh-enforcement
+    - disable-rpcbind