florianutz / ubuntu2004_cis

Ubuntu CIS Hardening Ansible Role
MIT License

Mistype in task section 3.5.3.2.1 #38

Closed sehari24jam closed 2 years ago

sehari24jam commented 2 years ago

Describe the bug: Try to disable section 3.5.3.2.1 by setting var ubuntu2004cis_rule_3_5_3_2_1 to false.

To Reproduce: Steps to reproduce the behavior:

  1. ansible-playbook site.yml -e ubuntu2004cis_rule_3_5_3_2_1=false
  2. check in target host: iptables INPUT default policy will be set to DENY

Expected behavior: iptables INPUT untouched

Software (please complete the following information):

Additional context: IMHO a simple (copy-paste) mistype. Lines of code accused:

https://github.com/florianutz/ubuntu2004_cis/blob/d541f93c43f3d2ef094b9dbd4d19816ca03d0f1b/tasks/section3.yml#L768

https://github.com/florianutz/ubuntu2004_cis/blob/d541f93c43f3d2ef094b9dbd4d19816ca03d0f1b/tasks/section3.yml#L775

sehari24jam commented 2 years ago

Another one, which I believe should be patch instead of patc3

https://github.com/florianutz/ubuntu2004_cis/blob/9f680428df7616d2f909929a48dc57f30c3f41c5/tasks/section1.yml#L956

florianutz commented 2 years ago

Hi @sehari24jam, have you tried to use ansible-playbook site.yml -e ubuntu2004cis_setup_firewall=false? There are more than two tasks which will modify iptables.
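
Added example, not part of the thread or the role's own code: a small Python check for the kind of mismatch reported in this issue, where a task is not gated by the ubuntu2004cis_rule_* variable that matches the rule number in its name, so setting that variable to false does not skip the task. The "SCORED | <id> | PATCH" naming pattern and the sample tasks are assumptions constructed for illustration.

```python
import re

# Constructed sample in the assumed task style; not copied from section3.yml.
SAMPLE_TASKS = """\
- name: "SCORED | 3.5.3.1.1 | PATCH | Ensure iptables packages are installed"
  apt:
    name: iptables
  when:
    - ubuntu2004cis_rule_3_5_3_1_1
  tags:
    - rule_3.5.3.1.1

- name: "SCORED | 3.5.3.2.1 | PATCH | Ensure default deny firewall policy"
  iptables:
    chain: INPUT
    policy: DROP
  when:
    - ubuntu2004cis_rule_3_5_3_1_1
  tags:
    - rule_3.5.3.2.1

- name: "SCORED | 3.5.3.2.2 | PATCH | Ensure loopback traffic is configured"
  iptables:
    chain: INPUT
    jump: ACCEPT
"""

NAME_ID = re.compile(r"^- name:.*?\b(\d+(?:\.\d+)+)\b", re.M)
RULE_VAR = re.compile(r"\bubuntu2004cis_rule_(\d+(?:_\d+)*)\b")

def find_toggle_mismatches(text):
    """Return (rule_id, problem) for tasks not gated by their own rule variable."""
    findings = []
    # Split into task blocks at each top-level "- name:" line.
    for block in re.split(r"(?m)^(?=- name:)", text):
        m = NAME_ID.search(block)
        if not m:
            continue
        rule_id = m.group(1)
        gates = {v.replace("_", ".") for v in RULE_VAR.findall(block)}
        if not gates:
            findings.append((rule_id, "no rule toggle"))
        elif rule_id not in gates:
            findings.append((rule_id, "gated by " + ", ".join(sorted(gates))))
    return findings

if __name__ == "__main__":
    for rule_id, problem in find_toggle_mismatches(SAMPLE_TASKS):
        print(f"{rule_id}: {problem}")
```

Run against the real task files, any finding is a task whose per-rule variable will not disable it, which matters when a hardening role changes firewall policy on a host that was meant to be left alone.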