search

chef-cookbooks / auditd

Install and configure user mode auditd tools
Apache License 2.0
34 stars 39 forks source link

CAPP ruleset not provided on Bionic #51

Closed curiositycasualty closed 5 years ago

curiositycasualty commented 5 years ago

Ran into this while running a wrapper cookbook on bionic. According to https://reposcope.com/package/auditd/files the CAPP rules (and others) archive(s) previous available on xenial are no longer included with the auditd package.

Compare the file list for the auditd package on xenial and bionic.

For me, auditd::rules dies with the following on bionic.

Seems like the assumption is that "/usr/share/doc/auditd/examples/capp.rules.gz" exists: ``` Recipe: auditd::rules * auditd_builtins[capp] action create[2018-11-02T19:48:21+00:00] INFO: Processing auditd_builtins[capp] action create (auditd::rules line 24) * execute[installing ruleset capp] action run[2018-11-02T19:48:21+00:00] INFO: Processing execute[installing ruleset capp] action run (/tmp/packer-chef-client/local-mode-cache/cache/cookbooks/auditd/resources/builtins.rb line 35) [execute] gzip: /usr/share/doc/auditd/examples/capp.rules.gz: No such file or directory ================================================================================ Error executing action `run` on resource 'execute[installing ruleset capp]' ================================================================================ Mixlib::ShellOut::ShellCommandFailed ------------------------------------ Expected process to exit with [0], but received '1' ---- Begin output of zcat /usr/share/doc/auditd/examples/capp.rules.gz > /etc/audit/audit.rules ---- STDOUT: STDERR: gzip: /usr/share/doc/auditd/examples/capp.rules.gz: No such file or directory ---- End output of zcat /usr/share/doc/auditd/examples/capp.rules.gz > /etc/audit/audit.rules ---- Ran zcat /usr/share/doc/auditd/examples/capp.rules.gz > /etc/audit/audit.rules returned 1 Resource Declaration: --------------------- # In /tmp/packer-chef-client/local-mode-cache/cache/cookbooks/auditd/resources/builtins.rb 35: execute "installing ruleset #{new_resource.name}" do 36: command "zcat /usr/share/doc/auditd/examples/#{new_resource.name}.rules.gz > /etc/audit/audit.rules" 37: notifies :restart, 'service[auditd]' 38: end 39: end Compiled Resource: ------------------ # Declared in /tmp/packer-chef-client/local-mode-cache/cache/cookbooks/auditd/resources/builtins.rb:35:in `block in class_from_file' execute("installing ruleset capp") do action [:run] default_guard_interpreter :execute command "zcat /usr/share/doc/auditd/examples/capp.rules.gz > /etc/audit/audit.rules" backup 5 declared_type :execute cookbook_name "auditd" domain nil user nil end System Info: ------------ chef_version=14.6.47 platform=ubuntu platform_version=18.04 ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux] program_name=/usr/bin/chef-client executable=/opt/chefdk/bin/chef-client [2018-11-02T19:48:21+00:00] INFO: Running queued delayed notifications before re-raising exception ================================================================================ Error executing action `create` on resource 'auditd_builtins[capp]' ================================================================================ Mixlib::ShellOut::ShellCommandFailed ------------------------------------ execute[installing ruleset capp] (/tmp/packer-chef-client/local-mode-cache/cache/cookbooks/auditd/resources/builtins.rb line 35) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1' ---- Begin output of zcat /usr/share/doc/auditd/examples/capp.rules.gz > /etc/audit/audit.rules ---- STDOUT: STDERR: gzip: /usr/share/doc/auditd/examples/capp.rules.gz: No such file or directory ---- End output of zcat /usr/share/doc/auditd/examples/capp.rules.gz > /etc/audit/audit.rules ---- Ran zcat /usr/share/doc/auditd/examples/capp.rules.gz > /etc/audit/audit.rules returned 1 Resource Declaration: --------------------- # In /tmp/packer-chef-client/local-mode-cache/cache/cookbooks/auditd/recipes/rules.rb 24: auditd_builtins 'capp' 25: when 'lspp' Compiled Resource: ------------------ # Declared in /tmp/packer-chef-client/local-mode-cache/cache/cookbooks/auditd/recipes/rules.rb:24:in `from_file' auditd_builtins("capp") do action [:create] default_guard_interpreter :default declared_type :auditd_builtins cookbook_name "auditd" recipe_name "rules" end System Info: ------------ chef_version=14.6.47 platform=ubuntu platform_version=18.04 ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux] program_name=/usr/bin/chef-client executable=/opt/chefdk/bin/chef-client ```
welcomebot commented 5 years ago

Hey There It looks like this is the first issue you've filed against the chef-cookbooks project. I'm here to offer you a bit of extra help to make sure we can quickly get back to you. Make sure you've filled out all the fields in our issue template. Make sure you've provided us with the version of chef-client you're running, your operating system and the version of the cookbook. If you're not using the most up to date version of the cookbook then please make sure to update first. Lots of things change between versions even if you're issue isn't listed in the changelog. Finally please give us a detailed description of the issue you're having. The more we know about what you're trying to do, what actually happens, and how you can reproduce the problem, the better.

If you're looking for more immediate troubleshooting help make sure to check out #general on the Chef Community Slack. There's plenty of folks there willing to lend a helping hand. Thanks for the first issue. We hope we can get back to you soon with a solution.

curiositycasualty commented 5 years ago

Like shouting into the void.