Closed sedenardi closed 2 years ago
Looks like this change was introduced in 2.12 according to https://github.com/ansible/ansible/issues/37355 (and PR https://github.com/ansible/ansible/pull/73591). I did not experience this issue using 2.11.x
Changing the ubuntu2004cis_aide_cron.cron_file
variable to create a new /etc/cron.d/aide
file rather than modify /etc/crontab
resolves this issue.
- name: harden server to CIS benchmarks
ansible.builtin.import_role:
name: florianutz.ubuntu2004_cis
vars:
ubuntu2004cis_aide_cron:
cron_user: root
cron_file: aide
aide_job: '/usr/bin/aide.wrapper --config /etc/aide/aide.conf --check'
aide_minute: 0
aide_hour: 5
aide_day: '*'
aide_month: '*'
aide_weekday: '*'
I hit this as well, is this going to be merged as a fix?
I'm happy to submit a PR, but I'm not sure if this change is compatible with ansible
versions < 2.12
. I had a tough time finding ansible
docs for a specific version other than the latest. Though I'd have to imagine that ansible
always let you specify a specific cron_file
?
Sorry I missed that a bit. I have fixed the bug so that the new Ansible versions work as well. Can you please check if the the new version is now running without errors for you.
Describe the bug The step "SCORED | 1.4.2 | PATCH | Ensure filesystem integrity is regularly checked" fails due to invalid cron settings (see Error below). This only started happening in the last month or so.
To Reproduce Steps to reproduce the behavior:
florianutz.ubuntu2004_cis
in Ansible playbookError:
Expected behavior The step and entire playbook should execute successfully.
Software (please complete the following information):