ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

System apps aren't being fully removed #138

Closed zac90 closed 7 months ago

zac90 commented 8 months ago

Describe the Issue A number of system apps aren't being completely removed. This causes either systemctl to report them as there or dpkg to show them. The apps found so far in question are apport, telnet and rpc. These should be fully removed from the system. However, doing this requires an apt purge, not just a remove. So the tasks that use package, for example, don't support the purge option.

- name: "1.5.3 | PATCH | Ensure Automatic Error Reporting is not enabled | remove package"
  ansible.builtin.package:
      name: apport
      state: absent

- name: "2.3.4 | PATCH | Ensure telnet client is not installed"
  ansible.builtin.package:
      name: telnet
      state: absent

- name: "2.3.6 | PATCH | Ensure RPC is not installed"
  ansible.builtin.package:
      name: rpcbind
      state: absent

These are not properly removing the packages.

Expected Behavior System apps are properly removed, and services removed.

Actual Behavior The app isn't removed and therefore can still be seen when running a systemctl status apport or a dpkg-query. This has been found so far on the three controls listed, but more may exist.

Control(s) Affected 1.5.3, 2.3.4 and 2.3.6

Possible Solution Use the apt ansible module and add the parameter purge: true to it.

uk-bolly commented 8 months ago

hi @zac90

Great catch, I have added this as a handler for all packages. Also the ability to not purge packages (this would clean everything, even prior to remediation); it gives the user the option then. Thanks again

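As an added illustration of the fix proposed in this issue (example code, not the role's own tasks): the three packages are removed with ansible.builtin.apt so their configuration files are purged as well, with a switch to fall back to a plain remove, and dpkg is then queried to confirm nothing is left in the "deinstall ok config-files" state. The variable names cis_purge_packages and cis_packages_to_remove are hypothetical.

```yaml
# Added example, not part of the UBUNTU22-CIS role.
- name: Fully remove CIS-flagged packages (1.5.3, 2.3.4, 2.3.6)
  hosts: all
  become: true
  vars:
    cis_purge_packages: true          # hypothetical switch; false keeps config files (plain remove)
    cis_packages_to_remove:           # hypothetical list of the packages named in the issue
      - apport                        # 1.5.3
      - telnet                        # 2.3.4
      - rpcbind                       # 2.3.6
  tasks:
    - name: "Remove the packages, purging their config files when cis_purge_packages is true"
      ansible.builtin.apt:
        name: "{{ cis_packages_to_remove }}"
        state: absent
        purge: "{{ cis_purge_packages }}"
        autoremove: true

    - name: "Ask dpkg for the remaining state of the removed packages"
      ansible.builtin.command:
        argv:
          - dpkg-query
          - -W
          - --showformat=${Package} ${Status}\n
          - "{{ cis_packages_to_remove }}"
      register: dpkg_state
      changed_when: false
      failed_when: false              # dpkg-query exits non-zero for packages it no longer knows; that is the desired outcome

    - name: "Fail if any package is still installed or left behind as config-files only"
      ansible.builtin.assert:
        that:
          - "'install ok installed' not in dpkg_state.stdout"
          - "'config-files' not in dpkg_state.stdout"
        fail_msg: "Residual package state found: {{ dpkg_state.stdout_lines }}"
        success_msg: "All listed packages are absent from dpkg"
```

A package that was only removed shows as "deinstall ok config-files" in the dpkg-query output, which is exactly the residue the issue describes; after a purge it no longer appears at all.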