ansible-lockdown / RHEL7-CIS

Ansible role for Red Hat 7 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

5.7 | PATCH | Ensure access to the su command is restricted | wheel group contains root #332

Closed mfortin closed 5 months ago

mfortin commented 7 months ago

Describe the Issue

When rhel7cis_sugroup is defined, control 5.7 fails.

Expected Behavior

TASK [RHEL7-CIS : 5.7 | PATCH | Ensure access to the su command is restricted | wheel group contains root] ***
  changed: [10.0.0.2]

Actual Behavior

TASK [RHEL7-CIS : 5.7 | PATCH | Ensure access to the su command is restricted | wheel group contains root] ***
fatal: [10.117.250.199]: FAILED! => changed=false
  msg: 'Unsupported parameters for (ansible.builtin.group) module: groups. Supported parameters include: force, gid, local, name, non_unique, state, system.'

Control(s) Affected

5.7 - Ensure access to the su command is restricted

Environment (please complete the following information):

Additional Notes

Tested locally with a modified version of the role and it succeeded.

Possible Solution

ansible.builtin.user should be used, not ansible.builtin.group.
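
The module mismatch reported above, as an added example that is not part of the original post and not the role's own code: the failing form is reconstructed from the error message only, and the play name, the sample value `sugroup` and the verification tasks are assumptions.

```yaml
# Added example, not taken from the RHEL7-CIS role.
- name: Group membership for the su restriction (constructed play)
  hosts: all
  become: true
  vars:
    rhel7cis_sugroup: sugroup   # constructed sample value
  tasks:
    # Failing form, reconstructed from the error message. ansible.builtin.group
    # manages the group object itself (name, gid, state, ...) and has no
    # "groups" parameter, so Ansible rejects the task before doing anything:
    #
    # - name: wheel group contains root
    #   ansible.builtin.group:
    #     name: root
    #     groups: "{{ rhel7cis_sugroup }}"

    - name: Ensure the su group exists
      ansible.builtin.group:
        name: "{{ rhel7cis_sugroup }}"
        state: present

    # Membership is a property of the user, so it is set with the user module.
    # append: true keeps root's existing supplementary groups intact.
    - name: Add root to the su group
      ansible.builtin.user:
        name: root
        groups: "{{ rhel7cis_sugroup }}"
        append: true

    # Read the group database back and fail the play if root is not listed.
    - name: Read the su group entry
      ansible.builtin.getent:
        database: group
        key: "{{ rhel7cis_sugroup }}"

    - name: Verify root is a member of the su group
      ansible.builtin.assert:
        that:
          - "'root' in (ansible_facts.getent_group[rhel7cis_sugroup][2] | default('', true)).split(',')"
        fail_msg: "root is not a member of {{ rhel7cis_sugroup }}"
```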

mfortin commented 7 months ago

Devel branch has the fix. Perhaps a new release would be in order.

uk-bolly commented 5 months ago

Hi @mfortin

Apologies for the delay. You should see that a new release was cut a couple of weeks ago: https://github.com/ansible-lockdown/RHEL7-CIS/releases/tag/1.3.0

Many thanks

uk-bolly

mfortin commented 5 months ago

Release 1.3.0 resolves this issue, thanks!