dev-sec / puppet-os-hardening

This puppet module provides numerous security-related configurations, providing all-round base protection.
http://dev-sec.io/
Apache License 2.0

Minimize_access to File [/usr/bin] issue #234

Closed hdep closed 4 years ago

hdep commented 4 years ago

Describe the bug

On some systems we got:

//server.domain.net//Stage[main]/Os_hardening::Minimize_access/File[/usr/bin]
Failed to generate additional resources using 'eval_generate': No such file or directory @ rb_file_s_stat - /usr/bin/clhsdb

Looking at the file, it is a symlink:

root@server:/usr/bin# ls -ltr /usr/bin/clhsdb
lrwxrwxrwx 1 root root 24 juil. 30 09:53 /usr/bin/clhsdb -> /etc/alternatives/clhsdb

Expected behavior

should compile without error

Actual behavior

compilation failed

OS / Environment

Debian 9, mod 'hardening-os_hardening', '2.2.5'

Puppet Version

5.5.17

Best regards,

mcgege commented 4 years ago

@hdep Does the file /etc/alternatives/clhsdb (link target) exist on the system?

hdep commented 4 years ago

Hi, yes

:~$ ls -ltr /etc/alternatives/clhsdb
lrwxrwxrwx 1 root root 48 oct.  11 15:30 /etc/alternatives/clhsdb -> /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/clhsdb

This affects all my servers with Java.

mcgege commented 4 years ago

Well, yes, but this is once again a link :-) Please check if this second target also exists: ls -l /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/clhsdb I remember a similar problem where the (final) link target was not existent ...

hdep commented 4 years ago

Oh sorry :)

Indeed, I never checked the full path; it is a broken link:

root@server:~# ls -la /usr/bin/clhsdb
lrwxrwxrwx 1 root root 24 juil. 30 09:53 /usr/bin/clhsdb -> /etc/alternatives/clhsdb
root@server:~# ls -ltr /etc/alternatives/clhsdb
lrwxrwxrwx 1 root root 48 juil. 30 09:53 /etc/alternatives/clhsdb -> /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/clhsdb
root@server:~# ls -ltr /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/clhsdb
ls: impossible d'accéder à '/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/clhsdb': Aucun fichier ou dossier de ce type

at least I know why I got this message now...

mcgege commented 4 years ago

This is an undocumented feature of this module: Find broken links :-) I'd like to prevent these Puppet errors, but haven't found a way yet ... If you fix this file link on your system, this error should vanish.
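As an added example (not code from the issue or from the puppet-os-hardening module), a small POSIX shell script that finds the kind of dangling symlink chain described above, so broken links can be located and fixed before the recursive File[/usr/bin] resource trips over them. The demo tree (bin, alternatives, jvm/jre/bin) is constructed in a temp directory and assumed, not taken from any real system.

```shell
#!/bin/sh
# Added example, not part of the puppet-os-hardening module.
# List symlinks under DIR whose final target does not resolve.
# `find -L` follows links while walking; an entry that is still of
# type "l" after following is one whose chain ends nowhere.
# Usage: find_broken_links DIR
find_broken_links() {
    dir="$1"
    find -L "$dir" -type l 2>/dev/null
}

# Demo: constructed tree mimicking the chain from the issue,
#   bin/clhsdb -> alternatives/clhsdb -> jvm/jre/bin/clhsdb (missing)
# plus one valid link (bin/ok-link -> bin/ok) that must NOT be reported.
# Prints the broken entries found and returns the count of them.
demo_broken_chain() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin" "$tmp/alternatives" "$tmp/jvm/jre/bin"
    printf '#!/bin/sh\n' > "$tmp/bin/ok"                    # regular file
    ln -s "$tmp/alternatives/clhsdb" "$tmp/bin/clhsdb"       # hop 1
    ln -s "$tmp/jvm/jre/bin/clhsdb" "$tmp/alternatives/clhsdb" # hop 2, dangling
    ln -s "$tmp/bin/ok" "$tmp/bin/ok-link"                   # valid chain
    find_broken_links "$tmp/bin"
    rm -rf "$tmp"
}
```

Run the demo with `demo_broken_chain`; it should print only the path ending in /bin/clhsdb, which is the entry that Puppet's stat would fail on.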