Information
Wireless networking is used when wired networks are unavailable. Debian contains a wireless tool kit to allow system administrators to configure and use wireless networks.
Rationale:
If wireless is not to be used, wireless devices can be disabled to reduce the potential attack surface.
Impact:
Many, if not all, laptop workstations and some desktop workstations will connect via wireless, requiring these interfaces to be enabled.
Solution
Run the following script to disable any wireless interfaces:
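#!/bin/bash
# Prefer NetworkManager when it is installed: switch every radio off.
if command -v nmcli >/dev/null 2>&1 ; then
    nmcli radio all off
else
    # Otherwise look for interfaces that expose a wireless/ directory in sysfs.
    if [ -n "$(find /sys/class/net/*/ -type d -name wireless)" ]; then
        # Resolve each wireless interface to the name of its kernel driver.
        drivers=$(for driverdir in $(find /sys/class/net/*/ -type d -name wireless -print0 | xargs -0 dirname); do basename "$(readlink -f "$driverdir"/device/driver)"; done | sort -u)
        for dm in $drivers; do
            # Make modprobe run /bin/true instead of loading the module.
            echo "install $dm /bin/true" >> /etc/modprobe.d/disable_wireless.conf
        done
    fi
fi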
Additional Information:
Edited to correct scripts. Do we need to remove other references to a wireless driver from /etc/modprobe.d/? The test system I used had a file iwlwifi.conf to load the correct drivers.
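An audit counterpart to the remediation script in the Solution, added here as an example and not part of the benchmark: it lists each wireless driver found in sysfs, checks for the install override the script writes, and reports other modprobe.d files that name the driver. The function names and the two directory arguments are assumptions, added so the check can be pointed at a test tree.

```shell
#!/bin/bash
# Added example (not part of the benchmark): audit the result of the remediation.
# Both directory arguments are assumptions; they default to the live paths
# used by the script on this page.

# Print the unique driver names behind every interface exposing a wireless/ dir.
wireless_drivers() {
    local sysfs_net="${1:-/sys/class/net}" w
    for w in "$sysfs_net"/*/wireless; do
        [ -d "$w" ] || continue          # unmatched glob: no wireless interfaces
        basename "$(readlink -f "$(dirname "$w")/device/driver")"
    done | sort -u
}

# Print one PASS/FAIL line per driver; return 1 if any driver is not blocked.
audit_wireless() {
    local sysfs_net="${1:-/sys/class/net}" conf_dir="${2:-/etc/modprobe.d}"
    local dm f rc=0
    for dm in $(wireless_drivers "$sysfs_net"); do
        if grep -Eqs "^[[:space:]]*install[[:space:]]+$dm[[:space:]]+/bin/(true|false)" \
                "$conf_dir"/*.conf; then
            echo "PASS: $dm blocked by install override"
        else
            echo "FAIL: $dm has no install override in $conf_dir"
            rc=1
        fi
        # Other directives naming the driver (for example an iwlwifi.conf with
        # options lines) are listed for review, not treated as a failure.
        grep -Els "^[[:space:]]*(options|alias|softdep)[[:space:]].*$dm" \
                "$conf_dir"/*.conf | while read -r f; do
            echo "INFO: $f also references $dm"
        done
    done
    return $rc
}

# Live check: audit_wireless; an exit status of 0 means every driver is blocked.
```

An install override only affects future modprobe calls, so a driver that was already loaded stays loaded until it is removed or the system reboots.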