ansible-lockdown / RHEL7-CIS

Ansible role for Red Hat 7 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

Task for CIS 6.1.12 seems broken #204

Closed Thulium-Drake closed 3 years ago

Thulium-Drake commented 3 years ago

When running the role against my Foreman server, I noticed that the task for 6.1.12 does not work. It tries to read rhel7stig_audit_complex but it's not set in this role anywhere (also, it's STIG, shouldn't that be CIS? :) )

TASK [cis_hardening_el7 : SCORED | 6.1.12 | AUDIT | Ensure no ungrouped files or directories exist | Displaying all ungrouped files or directories] ***
skipping: [deploy.admin.corp] => (item={'changed': False, 'end': '2021-04-08 22:39:21.707080', 'stdout': '', 'cmd': ['find', '/boot', '-xdev', '-nogroup'], 'rc': 0, 'start': '2021-04-08 22:39:21.690917', 'stderr': '', 'delta': '0:00:00.016163', 'invocation': {'module_args': {'creates': None, 'executable': None, '_uses_shell': False, 'strip_empty_ends': True, '_raw_params': 'find "/boot" -xdev -nogroup', 'removes': None, 'argv': None, 'warn': True, 'chdir': None, 'stdin_add_newline': True, 'stdin': None}}, 'stdout_lines': [], 'stderr_lines': [], 'failed': False, 'failed_when_result': False, 'item': {'block_used': 82505, 'uuid': '5152b6a7-1c5e-435e-b5e5-878d76f5f282', 'size_total': 1063256064, 'block_total': 259584, 'mount': '/boot', 'block_available': 177079, 'size_available': 725315584, 'fstype': 'xfs', 'inode_total': 524288, 'options': 'rw,seclabel,relatime,attr2,inode64,noquota', 'device': '/dev/sda1', 'inode_used': 369, 'block_size': 4096, 'inode_available': 523919}, 'ansible_loop_var': 'item'}) 
skipping: [deploy.admin.corp] => (item={'changed': False, 'end': '2021-04-08 22:39:24.876354', 'stdout': '', 'cmd': ['find', '/var', '-xdev', '-nogroup'], 'rc': 0, 'start': '2021-04-08 22:39:22.203782', 'stderr': '', 'delta': '0:00:02.672572', 'invocation': {'module_args': {'creates': None, 'executable': None, '_uses_shell': False, 'strip_empty_ends': True, '_raw_params': 'find "/var" -xdev -nogroup', 'removes': None, 'argv': None, 'warn': True, 'chdir': None, 'stdin_add_newline': True, 'stdin': None}}, 'stdout_lines': [], 'stderr_lines': [], 'failed': False, 'failed_when_result': False, 'item': {'block_used': 24693230, 'uuid': '1937571e-c803-44b4-a365-fdc625268801', 'size_total': 160978440192, 'block_total': 39301377, 'mount': '/var', 'block_available': 14608147, 'size_available': 59834970112, 'fstype': 'xfs', 'inode_total': 78641152, 'options': 'rw,seclabel,relatime,attr2,inode64,noquota', 'device': '/dev/mapper/data-var', 'inode_used': 88935, 'block_size': 4096, 'inode_available': 78552217}, 'ansible_loop_var': 'item'}) 
fatal: [deploy.admin.corp]: FAILED! => 
  msg: 'The conditional check ''rhel7stig_audit_complex'' failed. The error was: error while evaluating conditional (rhel7stig_audit_complex): ''rhel7stig_audit_complex'' is undefined'

uk-bolly commented 3 years ago

Hi @Thulium-Drake

Thank you for highlighting the error. Hoping to get something out over the next few days.

Thanks

uk-bolly

uk-bolly commented 3 years ago

Hi @Thulium-Drake

Thank you again for creating this issue; a fix was committed yesterday. This should now be resolved.

Please let us know if this is still not working for you.

Regards

uk-bolly

Thulium-Drake commented 3 years ago

Confirmed fixed on my environment as of current devel :-)

Thanks!
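
Added example, not part of the thread or the role's own code: a small pre-merge check that flags role variables used in a `when:` condition but never defined, which is the failure reported above. The task and defaults text are constructed samples; apart from `rhel7stig_audit_complex` and the "Displaying" task name, the variable names and the `rhel7cis_`/`rhel7stig_` prefix pattern are assumptions.

```python
import re

# Constructed sample: cut-down tasks and defaults, not the role's real files.
TASKS = '''\
- name: "6.1.12 | AUDIT | Finding all ungrouped files or directories"
  command: find "{{ item.mount }}" -xdev -nogroup
  register: rhel7cis_6_1_12_audit
  with_items: "{{ ansible_mounts }}"
  when: rhel7cis_rule_6_1_12

- name: "SCORED | 6.1.12 | AUDIT | Ensure no ungrouped files or directories exist | Displaying all ungrouped files or directories"
  debug:
    msg: "{{ item.stdout_lines }}"
  with_items: "{{ rhel7cis_6_1_12_audit.results }}"
  when:
    - rhel7stig_audit_complex
    - item.stdout_lines | length > 0
'''
DEFAULTS = '''\
rhel7cis_rule_6_1_12: true
'''

# Assumed naming convention for role variables; matches the wrong (STIG) prefix too.
ROLE_VAR = re.compile(r"\brhel7(?:cis|stig)_\w+")

def defined_names(defaults_text, tasks_text):
    """Top-level keys in defaults plus names created by `register:`."""
    names = set(re.findall(r"^(\w+):", defaults_text, re.M))
    names |= set(re.findall(r"^\s*register:\s*(\w+)", tasks_text, re.M))
    return names

def undefined_in_when(tasks_text, defaults_text):
    """Return (line_no, name) for role variables used in `when:` but never defined."""
    known = defined_names(defaults_text, tasks_text)
    hits, in_when, when_indent = [], False, 0
    for no, line in enumerate(tasks_text.splitlines(), 1):
        s = line.strip()
        indent = len(line) - len(line.lstrip())
        if s.startswith("when:"):                 # single-line form, or list header
            in_when, when_indent, cond = True, indent, s[5:]
        elif in_when and s.startswith("- ") and indent >= when_indent:
            cond = s[2:]                          # one item of a `when:` list
        else:
            in_when = False                       # any other line ends the condition
            continue
        hits += [(no, n) for n in ROLE_VAR.findall(cond) if n not in known]
    return hits

if __name__ == "__main__":
    for no, name in undefined_in_when(TASKS, DEFAULTS):
        print(f"tasks line {no}: '{name}' used in when: but not defined")
```

The check is text-based, so it only covers variables that follow the assumed prefix and are defined in defaults or by `register:`; names set through `set_fact` or inventory would need to be added to the known set.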