Task "2.1.2 Ensure chrony is configured | modify /etc/sysconfig/chronyd" adds parameter on every execution

[fgierlinger]

Describe the Issue The regex in the task "2.1.2 Ensure chrony is configured | modify /etc/sysconfig/chronyd" is supposed to add the parameter "-u chrony" and keep all other parameters. But the task is not idempotent. The "-u chrony" parameter is added for every execution.

https://github.com/ansible-lockdown/RHEL8-CIS/blob/7509256bf2ced8db3edf5f9b353a8b183068c527/tasks/section_2/cis_2.1.x.yml#L36-L52

After 3 executions the file /etc/sysconfig/chronyd has the following content:

OPTIONS="-u chrony -u chrony -u chrony"

Expected Behavior The task should be idempotent and only add "-u chrony" if not already specified.

Actual Behavior The task reports a change on every execution and adds "-u chrony" at every execution.

Control(s) Affected Task 2.1.2 v8 8.4 Standardize Time Synchonization v7 6.1 Utilize Three Synchronized Time Sources

Environment (please complete the following information):

• branch being used: devel
• Ansible Version: 2.16.7
• Host Python Version: Python 3.11.5
• Ansible Server Python Version: Python 3.11.5

Additional Notes

Possible Solution

[uk-bolly]

hi @fgierlinger

Thank you for this issue, i can see you are referring to the older benchmark version 2.0.0. CIS v3.0 was released a while ago. I have therefore added these fixes to a new locked branch called benchamrk_v2.0.0.

I hope this helps.

Many thanks

uk-bolly

[uk-bolly]

hi @fgierlinger

Thank you again for your time regarding this issue. You should find that this fix was merged into devel and is now in the main branch. I will close this issue, please feel free to reopen if this is not resolved as expected.

Many thanks

uk-bolly