Closed sean-nixon closed 5 years ago
@sean-nixon Sorry for the late reply. We will look at this soon and update you on it. Thank you for reporting.
Hi @sean-nixon,
I've tried to reproduce this issue on Ubuntu v16.04 and Ubuntu v14.04, but everything seems to be running fine at our end.
In order to verify, I created machines (Ubuntu16 and Ubuntu14) from Azure Portal and pinned chef extension 1210.13 and chef-client v14.12.3.
Added your cookbook in the run list: recipe[os-hardening]
Machine has /usr/sbin set in PATH:
root@dh-ubu-pam-cron:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
From chef-client.log everything seems to be perfect.
chef-client-on-ubu-14.04.log chef-client-on-ubu-16.04.log
Please check and let us know if there is anything.
Thanks, Dheeraj
Just an update:
It seems the issue was not reproduced earlier because I've used the latest cookbook os-hardening from pam-auth-update PR#238 and chef-os-hardening Issues#237, which fixed the path issue in the cookbook itself.
I have removed the path from the cookbook and could see the error is reproduced. We will check from our end if this should be fixed and will update.
Thanks
Thanks for reviewing this @dheerajd-msys. Yeah, I submitted a patch to that cookbook in the meantime to invoke the command with the full path. There are probably a decent amount of other cookbooks that this could affect, so I think it could still be worthwhile to make the PATH configurable for the extension.
The DevSec os-hardening cookbook relies on pam-auth-update being in the PATH for Ubuntu nodes. The crontab generated by this extension uses the default PATH which to my knowledge only includes /bin:/usr/bin and not /usr/sbin where pam-auth-update resides. This is causing the downstream cookbook to fail with Errno::ENOENT: No such file or directory - pam-auth-update
I've validated that updating the crontab line to the following fixes the client run.
/bin/sleep 0; PATH=$PATH:/usr/sbin; chef-client -c /etc/chef/client.rb...
Is it possible to add the /usr/sbin to the path of the client in the crontab as part of the installation? Or else make the PATH configurable?
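
The lookup failure described in this issue can be checked before a cookbook is scheduled under cron. The script below is an added example, not code from the extension, the cookbook or anyone in this thread; the function names, the sandbox layout and the location of chef-client are assumptions made so that it runs offline.

```shell
#!/bin/sh
# Added example: resolve commands against an explicit PATH string, the way
# a job started with cron's minimal PATH would look them up.

# resolve_in_path CMD PATHSTRING [ROOT]
# Prints the first executable match and returns 0, or returns 1 if none.
# ROOT (hypothetical, for offline use) is prefixed to every PATH entry.
resolve_in_path() (
    cmd=$1 root=${3:-}
    IFS=:
    set -f                          # do not glob-expand PATH entries
    for dir in $2; do
        [ -n "$dir" ] || continue   # skip empty entries
        if [ -f "$root$dir/$cmd" ] && [ -x "$root$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
            exit 0
        fi
    done
    exit 1
)

# missing_commands PATHSTRING ROOT CMD...
# Prints the space-separated commands that do not resolve.
missing_commands() {
    path=$1 root=$2; shift 2
    missing=
    for c in "$@"; do
        resolve_in_path "$c" "$path" "$root" >/dev/null || missing="$missing $c"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sandbox standing in for an Ubuntu node's filesystem.
make_sandbox() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/usr/bin" "$root/usr/sbin"
    for f in bin/sleep usr/bin/chef-client usr/sbin/pam-auth-update; do
        printf '#!/bin/sh\n' > "$root/$f"; chmod +x "$root/$f"
    done
    printf '%s\n' "$root"
}

CRON_PATH=/bin:/usr/bin             # default PATH as described in the issue
SANDBOX=$(make_sandbox)
echo "cron PATH, missing:  $(missing_commands "$CRON_PATH" "$SANDBOX" sleep chef-client pam-auth-update)"
echo "with /usr/sbin added: $(missing_commands "$CRON_PATH:/usr/sbin" "$SANDBOX" sleep chef-client pam-auth-update)"
rm -rf "$SANDBOX"
```

On a real node, pass an empty ROOT so the PATH entries are checked against the actual filesystem.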