ansible-lockdown / UBUNTU22-CIS

Ansible role for Ubuntu22 CIS Baseline
https://ansible-lockdown.readthedocs.io/en/latest/
MIT License

systemd-timesyncd NTP configuration error #161

Closed Jeroen0494 closed 11 months ago

Jeroen0494 commented 11 months ago

Describe the Issue

Using the following variables:

## Control 2.1.1.1
# This variable chooses the tool used for time synchronization
# The three options are `chrony`, `ntp`, and `systemd-timesyncd`.
ubtu22cis_time_sync_tool: "systemd-timesyncd"

## Controls 2.1.2.1 2.1.3.1, 2.1.4.1 - Configure time pools & servers for chrony, timesyncd, and ntp
# The following variable represents a list of time server pools used
# for configuring chrony, timesyncd, and ntp.
# Each list item contains two settings, `name` (the domain name of the pool) and synchronization `options`.
# The default setting for the `options` is `iburst maxsources 4` -- please refer to the documentation
# of the time synchronization mechanism you are using.
ubtu22cis_time_pool:
    - name: 0.nl.pool.ntp.org
    - name: 1.nl.pool.ntp.org
    - name: 2.nl.pool.ntp.org
    - name: 3.nl.pool.ntp.org"

# The following variable represents a list of time servers used
# for configuring chrony, timesyncd, and ntp.
# Each list item contains two settings, `name` (the domain name of the server) and synchronization `options`.
# The default setting for the `options` is `iburst` -- please refer to the documentation
# of the time synchronization mechanism you are using.
ubtu22cis_time_servers:
    - name: 0.pool.ntp.org
    - name: 1.pool.ntp.org
    - name: 2.pool.ntp.org
    - name: 3.pool.ntp.org

The following configuration is generated:

$ cat /etc/systemd/timesyncd.conf.d/50-timesyncd.conf 
## Ansible controlled file
# Added as part of ansible-lockdown CIS baseline
# provided by MindPointGroup LLC

NTP=[{'name': '0.nl.pool.ntp.org'}, {'name': '1.nl.pool.ntp.org'}, {'name': '2.nl.pool.ntp.org'}, {'name': '3.nl.pool.ntp.org"'}]

FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org

Expected Behavior

NTP should be a string, much like FallbackNTP.

Actual Behavior

A JSON list is generated and pasted in the file.

Control(s) Affected

What controls are being affected by the issue

Environment (please complete the following information):

Possible Solution

Change the template from this:

## Ansible controlled file
# Added as part of ansible-lockdown CIS baseline
# provided by MindPointGroup LLC

NTP={{ ubtu22cis_time_pool }}

FallbackNTP={% for servers in ubtu22cis_time_servers %}{{ servers.name }} {% endfor %}

To this:

## Ansible controlled file
# Added as part of ansible-lockdown CIS baseline
# provided by MindPointGroup LLC

NTP={% for servers in ubtu22cis_time_pool %}{{ servers.name }} {% endfor %}

FallbackNTP={% for servers in ubtu22cis_time_servers %}{{ servers.name }} {% endfor %}
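A check for this class of rendering error, as an added example that is not part of the issue or of the role's code: it lints a rendered timesyncd drop-in and flags any `NTP=` or `FallbackNTP=` token that is not a plain host name or address. The Python render functions stand in for the two Jinja templates above, and all function names and sample values are assumptions constructed for the illustration.

```python
import re

# Constructed sample shaped like the variables in the issue: a list of {"name": ...} items.
POOL = [{"name": "0.nl.pool.ntp.org"}, {"name": "1.nl.pool.ntp.org"}]
SERVERS = [{"name": "0.pool.ntp.org"}, {"name": "1.pool.ntp.org"}]

# Characters allowed in a hostname or IP literal; quotes, braces, brackets and commas are not.
SERVER_TOKEN = re.compile(r"^[A-Za-z0-9.:-]+$")
CHECKED_KEYS = ("NTP", "FallbackNTP")


def names(items):
    """Space-separated server names, with no trailing space."""
    return " ".join(item["name"] for item in items)


def render_original(pool, servers):
    """What 'NTP={{ ubtu22cis_time_pool }}' produces: the list's Python repr."""
    return f"NTP={pool}\n\nFallbackNTP={names(servers)}\n"


def render_fixed(pool, servers):
    """Same file with NTP built from the names, like FallbackNTP."""
    return f"NTP={names(pool)}\n\nFallbackNTP={names(servers)}\n"


def check_timesyncd(text):
    """Return (key, token) for every server token that is not a plain host or address."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment, or section header
        key, value = (part.strip() for part in line.split("=", 1))
        if key in CHECKED_KEYS:
            findings += [(key, tok) for tok in value.split() if not SERVER_TOKEN.match(tok)]
    return findings


if __name__ == "__main__":
    for label, text in (("original", render_original(POOL, SERVERS)),
                        ("fixed", render_fixed(POOL, SERVERS))):
        print(label, check_timesyncd(text) or "ok")
```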