ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

Rule 2.2.2 has wrong conditional #108

Closed ipruteanu-sie closed 12 months ago

ipruteanu-sie commented 1 year ago

Describe the Issue: Rule "2.2.2 | PATCH | Ensure Avahi Server is not installed" has a wrong conditional:

  when:
    - "'avahi' in ansible_facts.packages"

Expected Behavior: When avahi is installed, this rule should uninstall it.

Actual Behavior: This never gets executed, as the package name is slightly different: NOT avahi, but avahi-daemon.

Control(s) Affected: 2.2.2

Additional Notes: To quickly see, in an interactive manner (quickly filter/sort), what's inside ansible_facts.packages, you can try this small Python snippet:

import apt

# Load the local APT package cache
cache = apt.Cache()

# Print the name of every installed package
for mypkg in cache:
    if cache[mypkg.name].is_installed:
        print(mypkg.name)

which would have as stdout:

audispd-plugins
auditd
avahi-daemon    ***** `avahi` will NOT be in package.facts, rule will be skipped
awscli
base-files

Possible Solution: I'll provide a PR.
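
An added example (not part of the issue or the role's code): a small Python check that scans task text for `'name' in ansible_facts.packages` tests and flags names that are not exact keys of the package facts but are substrings of an installed package, which is the failure this issue describes. The task bodies, the function name `suspect_conditions` and the sample data are assumptions constructed for illustration; the package set reuses the stdout listing shown in the issue.

```python
import re

# Matches conditions of the form:  'pkg' in ansible_facts.packages
COND_RE = re.compile(r"""['"]([\w.+-]+)['"]\s+in\s+ansible_facts\.packages""")

# Constructed sample tasks. Only the rule name and the first when-condition
# come from the issue; the task bodies are assumptions for illustration.
TASKS = """\
- name: "2.2.2 | PATCH | Ensure Avahi Server is not installed"
  ansible.builtin.package:
    name: avahi-daemon
    state: absent
  when:
    - "'avahi' in ansible_facts.packages"

- name: "constructed | condition that uses an exact package name"
  ansible.builtin.debug:
    msg: "awscli present"
  when:
    - "'awscli' in ansible_facts.packages"
"""

# Keys of ansible_facts.packages, taken from the stdout listing in the issue.
PACKAGES = {"audispd-plugins", "auditd", "avahi-daemon", "awscli", "base-files"}


def suspect_conditions(tasks_text, installed):
    """Return (line_no, name, near_matches) for each membership test whose
    name is not an exact package key but is a substring of an installed one.

    A name with no near match is ignored: that is simply an absent package,
    which is the normal reason for a hardening task to be skipped.
    """
    findings = []
    for line_no, line in enumerate(tasks_text.splitlines(), start=1):
        for name in COND_RE.findall(line):
            if name in installed:
                continue  # exact key: the condition can evaluate to true
            near = sorted(p for p in installed if name in p)
            if near:
                findings.append((line_no, name, near))
    return findings


if __name__ == "__main__":
    for line_no, name, near in suspect_conditions(TASKS, PACKAGES):
        print(f"line {line_no}: '{name}' is never a key; installed: {near}")
```

Run against a host where the package is installed, a finding means the remediation task is skipped silently while the control still appears to have been applied.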

uk-bolly commented 1 year ago

Hi @ipruteanu-sie

That is a brilliant catch, thank you for the PR. This has now been merged.

Regards

uk-bolly

uk-bolly commented 12 months ago

Hi @ipruteanu-sie

This issue was merged to devel a couple of weeks ago. I will close this issue; if this does not resolve your issue, please reopen.

Many thanks as always

uk-bolly