arronax
commented
4 years ago Starting from ansible 2.6 it's also possible to fix this passing extra executable parameter to script module. However, that'll break compatibility with earlier versions of ansible.
- name: 6.2.6 - Audit root PATH Integrity
script: "{{ role_path }}/files/audit_6.2.6.sh"
args:
executable: bash -l
check_mode: no
changed_when: False
register: audit_6_2_6
tags:
- level-1
- section-6
- "6.2.6"
- scoredPLAY [ip-192-168-3-209] ********************************************************
TASK [ansible-role-cis-amazon-linux : 6.2.6 - Audit root PATH Integrity] *******
ok: [ip-192-168-3-209]
TASK [ansible-role-cis-amazon-linux : 6.2.6 - Ensure root PATH Integrity] ******
skipping: [ip-192-168-3-209]
TASK [ansible-role-cis-amazon-linux : 6.2.6 - Ensure root PATH Integrity] ******
ok: [ip-192-168-3-209] => {
"msg": "*** ACTION REQUIRED *** /root/bin is not a directory\r\n"
}
PLAY RECAP *********************************************************************
ip-192-168-3-209 : ok=2 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
See #68 for an overview of the issue.
Item 6.2.6 has to check PATH, which is apparently not set when using
scriptmodule. Runningbash -lfrom thecommandmodule allows to set the environment, but requires to copy the script to the remote machine. Cleanup included.Running fixed version produces the following output (compare to #68)