Open Ranjith219 opened 1 month ago
Hi @Ranjith219,
This is a test to ensure you have a root password set when you have a specific control enabled. In this case you have rule 4.6.6 enabled; this requires that you have a root password set (this is also in the error output).
This will halt the playbook due to the fact it could break your system with that enabled and you have not yet set a root password. For Amazon they generally don't set them, but CIS recommends that you do. You can either skip this particular control by changing the value to false for amzn2023cis_rule_4_6_6, or you could set a root password manually to enable this control to take place.
Hope that helps.
uk-bolly
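As an added illustration (not part of the thread and not the role's own task), a pre-flight check in the spirit of the one described above can be run on the build host before the playbook. It assumes the standard shadow(5) field layout; the function names `shadow_pw_state` and `root_pw_ready` are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify the password field of one shadow(5)-format line.
# Prints one of: set | locked | empty | unknown
shadow_pw_state() {
    # $1 = one line in shadow(5) format: name:hash:lastchg:min:max:warn:::
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        '')        echo empty ;;    # blank field: no password required at all
        '!'*|'*'*) echo locked ;;   # "!", "!!", "*" or "!<hash>": no usable password
        '$'*)      echo set ;;      # crypt(3) hash such as $6$... is present
        *)         echo unknown ;;  # legacy or non-standard value, review by hand
    esac
}

# Returns 0 only when root has a usable password hash.
# $1 = shadow file to inspect (defaults to /etc/shadow, which needs root to read).
root_pw_ready() {
    file=${1:-/etc/shadow}
    line=$(grep '^root:' "$file" 2>/dev/null) || { echo missing; return 2; }
    state=$(shadow_pw_state "$line")
    echo "$state"
    [ "$state" = set ]
}

# Constructed sample lines (not taken from any real host).
for sample in \
    'root:!!:19900:0:99999:7:::' \
    'root:*:19900:0:99999:7:::' \
    'root::19900:0:99999:7:::' \
    'root:$6$constructedsalt$constructedhash:19900:0:99999:7:::'
do
    printf '%-62s -> %s\n' "$sample" "$(shadow_pw_state "$sample")"
done
```

Running `root_pw_ready` as root before the playbook shows whether the root password check would pass or whether `amzn2023cis_rule_4_6_6` needs to be set to false first.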
Ah, that makes sense, thank you so much for the clarification and quick response, appreciate it.
Hi @uk-bolly, could you please shed some light on this? I'm getting No such file or directory: '/usr/bin/python'\nShared connection to 127.0.0.1 closed while installing crypto-policies:
amazon-ebs.amz3-build: TASK [ace-os-hardening-ansible-cis-amnz-linux3 : PRELIM | Install crypto-policies | pkgs present] ***
amazon-ebs.amz3-build: An exception occurred during task execution. To see the full traceback, use -vvv. The error was: Shared connection to 127.0.0.1 closed.
amazon-ebs.amz3-build: fatal: [default]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/home/ec2-user/~gha/.ansible/tmp/ansible-tmp-1723643095.1981156-1950-145898115397304/AnsiballZ_yum.py\", line 107, in <module>\n _ansiballz_main()\n File \"/home/ec2-user/~gha/.ansible/tmp/ansible-tmp-1723643095.1981156-1950-145898115397304/AnsiballZ_yum.py\", line 99, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/ec2-user/~gha/.ansible/tmp/ansible-tmp-1723643095.1981156-1950-145898115397304/AnsiballZ_yum.py\", line 47, in invoke_module\n runpy.run_module(mod_name='ansible.modules.yum', init_globals=dict(_module_fqn='ansible.modules.yum', _modlib_path=modlib_path),\n File \"/usr/lib64/python3.9/runpy.py\", line 225, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.9/runpy.py\", line 97, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib64/python3.9/runpy.py\", line 87, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_ansible.legacy.yum_payload_t_o4_i4i/ansible_ansible.legacy.yum_payload.zip/ansible/modules/yum.py\", line 1803, in <module>\n File \"/tmp/ansible_ansible.legacy.yum_payload_t_o4_i4i/ansible_ansible.legacy.yum_payload.zip/ansible/modules/yum.py\", line 1799, in main\n File \"/tmp/ansible_ansible.legacy.yum_payload_t_o4_i4i/ansible_ansible.legacy.yum_payload.zip/ansible/modules/yum.py\", line 1679, in run\n File \"/tmp/ansible_ansible.legacy.yum_payload_t_o4_i4i/ansible_ansible.legacy.yum_payload.zip/ansible/module_utils/common/respawn.py\", line 43, in respawn_module\n File \"/usr/lib64/python3.9/subprocess.py\", line 349, in call\n with Popen(*popenargs, **kwargs) as p:\n File \"/usr/lib64/python3.9/subprocess.py\", line 951, in __init__\n self._execute_child(args, executable, preexec_fn, close_fds,\n File \"/usr/lib64/python3.9/subprocess.py\", line 1821, in _execute_child\n 
raise child_exception_type(errno_num, err_msg, err_filename)\n**FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/python'\nShared connection to 127.0.0.1 closed.**\r\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
Question: I'm pretty new to Ansible and I have been trying this Ansible role. However, it's failing at the "Ensure root password is set" step and I'm unclear on how to set the password. I just cloned this repo, configured the tag in the playbook, and ran it. Please help me out. The error message is below.