Closed txsastre closed 5 months ago
hi @txsastre
Thank you for the issue. We do ask for information regarding Ansible version, branch, etc. to assist us with investigation; if you can let us know, that may assist. In the example you have shown, tags are generally not used to that extent. Every control has the ability to be turned on or off with the use of variables, normally either via inventory, group vars or however you have set it up. This will give you greater control, with many controls also having other variables you can set. Could I suggest that you set the controls you don't want to run to false and see how that works?
I hope that helps
Regards
uk-bolly
Hi there, sorry about not informing before.
I was just testing some parameters, and once it worked I added all of them, in a bad way as I can see. Can you point me to where I can set the controls to false? Is it in UBUNTU22-CIS-devel -> defaults -> main.yml?
Related to the branch, I just downloaded the scripts from devel (default).
The Ansible controller is a Debian 12.
ansible [core 2.16.3]
  config file = None
  configured module search path = ['/home/hal/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/hal/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/hal/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.8 (main, Feb 7 2024, 21:52:08) [GCC 13.2.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
hi @txsastre
I believe that this issue has been addressed and the fix merged. I will close this issue; please feel free to reopen or raise a new one if this particular problem still exists.
Many thanks
uk-bolly
I've executed the playlist with these args:
--tags rule_1.1.1.1,rule_1.1.1.2,rule_1.1.1.3,rule_1.1.2.1,rule_1.1.2.2,rule_1.1.2.3,rule_1.1.2.4,rule_1.1.9,rule_1.1.3.1,rule_1.1.3.2,rule_1.1.3.3,rule_1.1.8.1,rule_1.1.8.2,rule_1.1.8.3,rule_1.2.1,rule_1.2.2,rule_1.3.1,rule_1.4.1,rule_1.4.2,rule_1.4.3,rule_1.5.1,rule_1.5.2,rule_1.5.4,rule_1.6.1.1,rule_1.6.1.2,rule_1.6.1.3,rule_1.7.1,rule_1.7.2,rule_1.7.3,rule_1.7.4,rule_1.7.5,rule_1.7.6,rule_1.8.1,rule_1.8.2,rule_1.8.3,rule_1.8.4,rule_1.8.5,rule_1.8.6,rule_1.8.7,rule_2.1.1.1,rule_2.1.1.1,rule_2.1.1.1,rule_2.2.1,rule_2.2.2.,rule_2.2.3.,rule_2.2.4,rule_2.2.5,rule_2.2.6,rule_2.2.7,rule_2.2.8,rule_2.2.9,rule_2.2.10,rule_2.2.11,rule_2.2.12,rule_2.2.13,rule_2.2.14,rule_2.2.15,rule_2.2.16,rule_2.3.1,rule_2.3.2,rule_2.3.3,rule_2.3.4,rule_2.3.5,rule_2.3.6,rule_3.1.1,rule_3.2.1,rule_3.2.2,rule_3.3.2,rule_3.3.3,rule_3.3.4,rule_3.3.5,rule_3.3.6,rule_3.3.7,rule_3.3.8,rule_3.3.9,rule_4.1.1.1,rule_4.1.1.2,rule_4.1.1.3,rule_4.1.1.1,rule_4.1.1.2,rule_4.1.1.3,rule_4.1.2.1,rule_4.1.3.4,rule_4.1.3.8,rule_4.1.3.5,rule_4.1.3.14,rule_4.1.3.12,rule_4.1.3.11,rule_4.1.3.9,rule_4.1.3.7,rule_4.1.3.6,rule_4.1.3.10,rule_4.1.3.13,rule_4.1.3.1,rule_4.1.3.19,rule_4.1.3.20,rule_5.1.1,rule_5.1.2,rule_5.1.3,rule_5.1.4,rule_5.1.5,rule_5.1.6,rule_5.1.7,rule_5.1.8,rule_5.2.1,rule_5.2.2,rule_5.2.5,rule_5.2.12,rule_5.2.18,rule_5.2.11,rule_5.2.8,rule_5.2.7,rule_5.2.9,rule_5.2.10,rule_5.2.14,rule_5.2.22,rule_5.2.21,rule_5.2.17,rule_5.4.1,rule_5.4.2,rule_5.4.3,rule_5.4.4,rule_5.5.1.2,rule_5.5.1.1,rule_5.5.1.3,rule_5.5.1.4,rule_5.5.1.5,rule_5.5.2,rule_5.5.3,rule_5.5.4,rule_5.5.5,rule_5.3.4,rule_6.1.1,rule_6.1.5,rule_6.1.3,rule_6.1.7,rule_6.1.2,rule_6.1.6,rule_6.1.4,rule_6.1.8,rule_6.1.9,rule_6.1.10,rule_6.1.11,rule_6.1.12,rule_6.1.13,rule_6.2.1,rule_6.2.2,rule_6.2.3,rule_6.2.4,rule_6.2.5,rule_6.2.6,rule_6.2.7,rule_6.2.8,rule_6.2.9,rule_6.2.10,rule_6.2.11,rule_6.2.12,rule_6.2.13,rule_6.2.14,rule_6.2.15,rule_6.2.16,rule_6.2.17, -l SRV1-UBU -K
At the end I received this error running handlers. I can see that it is related to 4.1.3.21, but I haven't set it in the tag playbook. Trying again, adding rule_4_1_3_21, and now it works.
RUNNING HANDLER [/home/hal/ansible/hardening/UBUNTU22-CIS-devel : Auditd rules reload] ****
fatal: [SRV1-UBU]: FAILED! => {"msg": "The conditional check '\"No change\" not in ubtu22cis_rule_4_1_3_21_augen_check.stdout' failed. The error was: error while evaluating conditional (\"No change\" not in ubtu22cis_rule_4_1_3_21_augen_check.stdout): 'ubtu22cis_rule_4_1_3_21_augen_check' is undefined. 'ubtu22cis_rule_4_1_3_21_augen_check' is undefined\n\nThe error appears to be in '/home/hal/ansible/hardening/UBUNTU22-CIS-devel/handlers/main.yml': line 113, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Auditd rules reload\n ^ here\n"}
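The failure mode in the error above, reproduced in a minimal playbook as an added example (not code from the UBUNTU22-CIS role and not the fix the maintainers merged; the play, the tags `rule_a`/`rule_b` and the variable `demo_check` are hypothetical). A task excluded by `--tags` never runs, so its `register` variable does not exist when a handler notified by another task evaluates its `when`.

```yaml
# Constructed demo playbook. Save as demo.yml and run:
#   ansible-playbook demo.yml --tags rule_a
# rule_b is filtered out by the tag selection, so demo_check is never registered.
- name: Handler that reads a register from a task excluded by tags
  hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    - name: "rule_a | Make a change and notify the reload handler"
      ansible.builtin.command: /bin/true
      changed_when: true
      notify: Reload rules
      tags: [rule_a]

    - name: "rule_b | Check whose output the handler inspects"
      ansible.builtin.command: echo "No change"
      register: demo_check
      changed_when: false
      tags: [rule_b]

  handlers:
    # Fragile form (same shape as the failing conditional in the error above).
    # With --tags rule_a it aborts the run: 'demo_check' is undefined.
    #
    # - name: Reload rules
    #   ansible.builtin.debug:
    #     msg: "reloading rules"
    #   when: '"No change" not in demo_check.stdout'

    # Guarded form: evaluate the check output only when the check actually ran
    # and produced stdout. Here the handler is skipped when the check did not
    # run; swapping the guard for "demo_check is not defined or ..." would
    # reload in that case instead. Which one is right is a design decision.
    - name: Reload rules
      ansible.builtin.debug:
        msg: "reloading rules"
      when:
        - demo_check is defined
        - demo_check.stdout is defined
        - '"No change" not in demo_check.stdout'
```

For a hardening role the practical consequence is that a partial `--tags` run can stop in the handler phase after tasks have already changed the host, so the run's result should be checked before the host is treated as compliant.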