florianutz / Ubuntu1804-CIS

Ubuntu CIS Hardening Ansible Role
MIT License

Section 4.1 | Configure System Accounting (auditd) FAILS #63

Closed andrea-defraia closed 3 years ago

andrea-defraia commented 4 years ago

Section 4.1 | Configure System Accounting (auditd) FAILS error is:

amazon-ebs:
amazon-ebs: TASK [Ubuntu1804-CIS : PRELIM | Section 4.1 | Configure System Accounting (auditd)] ***
amazon-ebs: fatal: [127.0.0.1]: FAILED! => {"cache_update_time": 1590390540, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'auditd' -o APT::Install-Recommends=no' failed: E: Sub-process /usr/bin/dpkg returned an error code (1)\n", "rc": 100, "stderr": "E: Sub-process /usr/bin/dpkg returned an error code (1)\n", "stderr_lines": ["E: Sub-process /usr/bin/dpkg returned an error code (1)"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following additional packages will be installed:\n libauparse0\nSuggested packages:\n audispd-plugins\nThe following NEW packages will be installed:\n auditd libauparse0\n0 upgraded, 2 newly installed, 0 to remove and 4 not upgraded.\nNeed to get 242 kB of archives.\nAfter this operation, 803 kB of additional disk space will be used.\nGet:1 http://eu-central-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libauparse0 amd64 1:2.8.2-1ubuntu1 [48.6 kB]\nGet:2 http://eu-central-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 auditd amd64 1:2.8.2-1ubuntu1 [194 kB]\nFetched 242 kB in 0s (18.9 MB/s)\nSelecting previously unselected package libauparse0:amd64.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 
95%\r(Reading database ... 100%\r(Reading database ... 57030 files and directories currently installed.)\r\nPreparing to unpack .../libauparse0_1%3a2.8.2-1ubuntu1_amd64.deb ...\r\nUnpacking libauparse0:amd64 (1:2.8.2-1ubuntu1) ...\r\nSelecting previously unselected package auditd.\r\nPreparing to unpack .../auditd_1%3a2.8.2-1ubuntu1_amd64.deb ...\r\nUnpacking auditd (1:2.8.2-1ubuntu1) ...\r\nSetting up libauparse0:amd64 (1:2.8.2-1ubuntu1) ...\r\nSetting up auditd (1:2.8.2-1ubuntu1) ...\r\nCreated symlink /etc/systemd/system/multi-user.target.wants/auditd.service -> /lib/systemd/system/auditd.service.\r\nJob for auditd.service failed because a timeout was exceeded.\r\nSee \"systemctl status auditd.service\" and \"journalctl -xe\" for details.\r\ninvoke-rc.d: initscript auditd, action \"start\" failed.\r\n\u001b[0;1;31m*\u001b[0m auditd.service - Security Auditing Service\r\n Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)\r\n Active: \u001b[0;1;31mfailed\u001b[0m (Result: timeout) since Mon 2020-05-25 07:12:03 UTC; 6ms ago\r\n Docs: man:auditd(8)\r\n https://github.com/linux-audit/audit-documentation\r\n Process: 12062 ExecStart=/sbin/auditd \u001b[0;1;31m(code=killed, signal=KILL)\u001b[0m\r\n\r\nMay 25 07:09:02 ip-172-20-0-48 systemd[1]: Starting Security Auditing Service...\r\nMay 25 07:09:02 ip-172-20-0-48 auditd[12063]: Started dispatcher: /sbin/audispd pid: 12065\r\nMay 25 07:10:32 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Start operation timed out. Terminating.\u001b[0m\r\nMay 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: State 'stop-sigterm' timed out. 
Killing.\u001b[0m\r\nMay 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Killing process 12062 (auditd) with signal SIGKILL.\u001b[0m\r\nMay 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Killing process 12063 (auditd) with signal SIGKILL.\u001b[0m\r\nMay 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Control process exited, code=killed status=9\u001b[0m\r\nMay 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Failed with result 'timeout'.\u001b[0m\r\nMay 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;31m\u001b[0;1;39m\u001b[0;1;31mFailed to start Security Auditing Service.\u001b[0m\r\ndpkg: error processing package auditd (--configure):\r\n installed auditd package post-installation script subprocess returned error exit status 1\r\nProcessing triggers for systemd (237-3ubuntu10.40) ...\r\nProcessing triggers for libc-bin (2.27-3ubuntu1) ...\r\nErrors were encountered while processing:\r\n auditd\r\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following additional packages will be installed:", " libauparse0", "Suggested packages:", " audispd-plugins", "The following NEW packages will be installed:", " auditd libauparse0", "0 upgraded, 2 newly installed, 0 to remove and 4 not upgraded.", "Need to get 242 kB of archives.", "After this operation, 803 kB of additional disk space will be used.", "Get:1 http://eu-central-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 libauparse0 amd64 1:2.8.2-1ubuntu1 [48.6 kB]", "Get:2 http://eu-central-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 auditd amd64 1:2.8.2-1ubuntu1 [194 kB]", "Fetched 242 kB in 0s (18.9 MB/s)", "Selecting previously unselected package libauparse0:amd64.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 
10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 57030 files and directories currently installed.)", "Preparing to unpack .../libauparse0_1%3a2.8.2-1ubuntu1_amd64.deb ...", "Unpacking libauparse0:amd64 (1:2.8.2-1ubuntu1) ...", "Selecting previously unselected package auditd.", "Preparing to unpack .../auditd_1%3a2.8.2-1ubuntu1_amd64.deb ...", "Unpacking auditd (1:2.8.2-1ubuntu1) ...", "Setting up libauparse0:amd64 (1:2.8.2-1ubuntu1) ...", "Setting up auditd (1:2.8.2-1ubuntu1) ...", "Created symlink /etc/systemd/system/multi-user.target.wants/auditd.service -> /lib/systemd/system/auditd.service.", "Job for auditd.service failed because a timeout was exceeded.", "See \"systemctl status auditd.service\" and \"journalctl -xe\" for details.", "invoke-rc.d: initscript auditd, action \"start\" failed.", "\u001b[0;1;31m*\u001b[0m auditd.service - Security Auditing Service", " Loaded: loaded (/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)", " Active: \u001b[0;1;31mfailed\u001b[0m (Result: timeout) since Mon 2020-05-25 07:12:03 UTC; 6ms ago", " Docs: man:auditd(8)", " https://github.com/linux-audit/audit-documentation", " Process: 12062 ExecStart=/sbin/auditd \u001b[0;1;31m(code=killed, signal=KILL)\u001b[0m", "", "May 25 07:09:02 ip-172-20-0-48 systemd[1]: Starting Security Auditing Service...", "May 25 07:09:02 ip-172-20-0-48 auditd[12063]: Started dispatcher: /sbin/audispd pid: 12065", "May 25 07:10:32 ip-172-20-0-48 systemd[1]: 
\u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Start operation timed out. Terminating.\u001b[0m", "May 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: State 'stop-sigterm' timed out. Killing.\u001b[0m", "May 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Killing process 12062 (auditd) with signal SIGKILL.\u001b[0m", "May 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Killing process 12063 (auditd) with signal SIGKILL.\u001b[0m", "May 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Control process exited, code=killed status=9\u001b[0m", "May 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39m\u001b[0;1;31m\u001b[0;1;39mauditd.service: Failed with result 'timeout'.\u001b[0m", "May 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;31m\u001b[0;1;39m\u001b[0;1;31mFailed to start Security Auditing Service.\u001b[0m", "dpkg: error processing package auditd (--configure):", " installed auditd package post-installation script subprocess returned error exit status 1", "Processing triggers for systemd (237-3ubuntu10.40) ...", "Processing triggers for libc-bin (2.27-3ubuntu1) ...", "Errors were encountered while processing:", " auditd"]}
amazon-ebs: to retry, use: --limit @/home/ubuntu/.ansible/stg/hardening.retry
amazon-ebs:
amazon-ebs: PLAY RECAP *********************************************************************
amazon-ebs: 127.0.0.1 : ok=7 changed=0 unreachable=0 failed=1

More relevant info in:
https://bugs.launchpad.net/ubuntu/+source/auditd/+bug/1848330
https://bugzilla.redhat.com/show_bug.cgi?id=1151794

I added a condition to my branch that skips auditd install, but this is not really a solution. Troubleshooting further ATM.
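Added example, not part of the original issue or of the role's code: a small triage helper that reads the `stdout_lines` of a failed Ansible `apt` task like the one above, strips the ANSI colour codes, and reports which systemd unit made the package's post-installation step fail and how long systemd waited before giving up. The names `triage` and `SAMPLE` are made up for this sketch, the sample lines are constructed from the shape of the reported log, and all journal entries are assumed to fall on one calendar day.

```python
import re

ANSI = re.compile(r"\x1b\[[0-9;]*m")   # colour codes systemd embeds in its status text
JOURNAL = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ systemd\[1\]: (.*)$")
FAILED = re.compile(r"^(\S+): Failed with result '(\w+)'")
DPKG = re.compile(r"^dpkg: error processing package (\S+)")

# Constructed sample, shaped like the "stdout_lines" array in the report above.
SAMPLE = [
    "Setting up auditd (1:2.8.2-1ubuntu1) ...",
    "Job for auditd.service failed because a timeout was exceeded.",
    "May 25 07:09:02 ip-172-20-0-48 systemd[1]: Starting Security Auditing Service...",
    "May 25 07:10:32 ip-172-20-0-48 systemd[1]: \u001b[0;1;39mauditd.service: Start operation timed out. Terminating.\u001b[0m",
    "May 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39mauditd.service: State 'stop-sigterm' timed out. Killing.\u001b[0m",
    "May 25 07:12:03 ip-172-20-0-48 systemd[1]: \u001b[0;1;39mauditd.service: Failed with result 'timeout'.\u001b[0m",
    "dpkg: error processing package auditd (--configure):",
]

def triage(stdout_lines):
    """Return which unit broke the package install and how long systemd waited."""
    out = {"package": None, "unit": None, "result": None,
           "start_wait_s": None, "stop_wait_s": None}
    t = {}  # event name -> seconds since midnight (assumes one calendar day)
    for raw in stdout_lines:
        line = ANSI.sub("", raw)
        d = DPKG.match(line)
        if d:
            out["package"] = d.group(1)
        j = JOURNAL.match(line)
        if not j:
            continue
        secs = int(j.group(1)) * 3600 + int(j.group(2)) * 60 + int(j.group(3))
        msg = j.group(4)
        if msg.startswith("Starting "):
            t["start"] = secs
        elif "Start operation timed out" in msg:
            t["start_timeout"] = secs
        elif "State 'stop-sigterm' timed out" in msg:
            t["kill"] = secs
        f = FAILED.match(msg)
        if f:
            out["unit"], out["result"] = f.group(1), f.group(2)
    if "start" in t and "start_timeout" in t:
        out["start_wait_s"] = t["start_timeout"] - t["start"]
    if "start_timeout" in t and "kill" in t:
        out["stop_wait_s"] = t["kill"] - t["start_timeout"]
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The 90-second start wait it reports is the gap between the 07:09:02 and 07:10:32 entries in the log, which shows the package itself installed and only the service start in the post-installation step failed.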

florianutz commented 3 years ago

Should be fixed as mentioned in https://bugs.launchpad.net/ubuntu/+source/audit/+bug/1848330