search

hubblestack / hubble

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting.
Apache License 2.0
379 stars 87 forks source link

/modules/stat_nova.py giving error for RHEL6 minion #311

Closed sam0104 closed 6 years ago

sam0104 commented 6 years ago

salt pj-rhel6-sensoring.lab04.local hubble.audit OS_Linux . This is only on RHEL6 VM . We have other linux VM ( Centso6 , Cetos7 , RHEL7 ) but error is specific to RHEL6 which is on Red Hat Enterprise Linux Server release 6.9 (Santiago) . 

pj-rhel6-sensoring.lab04.local:
    ----------
    Compliance:
        68%
    Errors:
        |_
          ----------
          **/modules/stat_nova.py**:
              ----------
              data:
                  CommandExecutionError: Path not found: /usr/local/patchagent/patchservice
              error:
                  exception occurred
    Failure:
        |_
          ----------
          OS_Linux_v12-02:
              Ensure timezone is set correctly
        |_
          ----------
          OS_Linux_v12-15:
              SSH Root login disabled
        |_
          ----------
          OS_Linux_v12-16:
              Ensure iptables modules are loaded
        |_
          ----------
          OS_Linux_v12-10:
              Ensure sudoers file has non-default commands added to it
        |_
          ----------
          OS_Linux_v12-03:
              Ensure patchagent services are running
        |_
          ----------
          OS_Linux_v12-05:
              Ensure swap volume is on separate disk
    Success:
        |_
          ----------
          OS_Linux_V12-11:
              Root passwd should be set
        |_
          ----------
          OS_Linux_v12-13:
              No blank passwords allowed

**salt-minion version**  
[root@pj-rhel6-sensoring tmp]# salt-minion -V
Salt Version:
           Salt: 2017.7.4

Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: Not Installed
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.8.1
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.6
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 2.7.14 (default, Jan 31 2018, 02:12:13)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 14.5.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.0.5

System Versions:
           dist: redhat 6.9 Santiago
         locale: UTF-8
        machine: x86_64
        release: 2.6.32-696.13.2.el6.x86_64
         system: Linux
        version: Red Hat Enterprise Linux Server 6.9 Santiago
basepi commented 6 years ago

That's odd. Does that path exist? Also can you run salt-call hubble.audit OS_Linux -ldebug on the host in question so we can see the whole stacktrace? Thanks!

sam0104 commented 6 years ago

Here is the output from impacted minion ( RHEL6 )

[root@pj-rhel6-sensoring ~]# salt-call hubble.audit OS_Linux -ldebug
[DEBUG   ] Reading configuration from /etc/salt/minion
[DEBUG   ] Including configuration from '/etc/salt/minion.d/_schedule.conf'
[DEBUG   ] Reading configuration from /etc/salt/minion.d/_schedule.conf
[DEBUG   ] Using cached minion ID from /etc/salt/minion_id: pj-rhel6-sensoring.lab04.local
[DEBUG   ] Configuration file path: /etc/salt/minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG   ] Reading configuration from /etc/salt/minion
[DEBUG   ] Including configuration from '/etc/salt/minion.d/_schedule.conf'
[DEBUG   ] Reading configuration from /etc/salt/minion.d/_schedule.conf
[DEBUG   ] Connecting to master. Attempt 1 of 1
[DEBUG   ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'pj-rhel6-sensoring.lab04.local', 'tcp://10.100.252.114:4506')
[DEBUG   ] Generated random reconnect delay between '1000ms' and '11000ms' (1919)
[DEBUG   ] Setting zmq_reconnect_ivl to '1919ms'
[DEBUG   ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'pj-rhel6-sensoring.lab04.local', 'tcp://10.100.252.114:4506', 'clear')
[DEBUG   ] Decrypting the current master AES key
[DEBUG   ] Loaded minion key: /etc/salt/pki/minion/minion.pem
[DEBUG   ] Loaded minion key: /etc/salt/pki/minion/minion.pem
[DEBUG   ] Determining pillar cache
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'pj-rhel6-sensoring.lab04.local', 'tcp://10.100.252.114:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'pj-rhel6-sensoring.lab04.local', 'tcp://10.100.252.114:4506')
[DEBUG   ] Loaded minion key: /etc/salt/pki/minion/minion.pem
[DEBUG   ] LazyLoaded jinja.render
[DEBUG   ] LazyLoaded yaml.render
[DEBUG   ] LazyLoaded hubble.audit
[DEBUG   ] LazyLoaded config.get
[DEBUG   ] syncing nova modules
[DEBUG   ] LazyLoaded cp.cache_dir
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'pj-rhel6-sensoring.lab04.local', 'tcp://10.100.252.114:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'pj-rhel6-sensoring.lab04.local', 'tcp://10.100.252.114:4506')
[INFO    ] Caching directory 'hubblestack_nova/' for environment 'base'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/README.rst' to resolve 'salt://hubblestack_nova/README.rst'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/README.rst' to resolve 'salt://hubblestack_nova/README.rst'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/audit.sls' to resolve 'salt://hubblestack_nova/audit.sls'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/audit.sls' to resolve 'salt://hubblestack_nova/audit.sls'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/centos-6-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/centos-6-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/centos-6-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/centos-6-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/centos-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/centos-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/centos-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/centos-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/centos-7-level-1-scored-v2.yaml' to resolve 'salt://hubblestack_nova/cis/centos-7-level-1-scored-v2.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/centos-7-level-1-scored-v2.yaml' to resolve 'salt://hubblestack_nova/cis/centos-7-level-1-scored-v2.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/debian-8-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/debian-8-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/debian-8-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/debian-8-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/fedora-24-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova/cis/fedora-24-level-1-scored-v2-1-0.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/fedora-24-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova/cis/fedora-24-level-1-scored-v2-1-0.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/fedora-25-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova/cis/fedora-25-level-1-scored-v2-1-0.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/fedora-25-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova/cis/fedora-25-level-1-scored-v2-1-0.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/centos-7/common/cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/centos-7/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/centos-7/common/cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/centos-7/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/centos-7/common/cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/centos-7/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/centos-7/common/cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/centos-7/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/fedora-24/common/cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-24/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/fedora-24/common/cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-24/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/fedora-24/common/cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-24/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/fedora-24/common/cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-24/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/fedora-25/common/cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-25/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/fedora-25/common/cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-25/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/fedora-25/common/cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-25/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/fedora-25/common/cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-25/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-10.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-10.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-2.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-2.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-2.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-2.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-4.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-4.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-4.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-4.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-6.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-6.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-6.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-6.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-9.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-9.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-9.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-9.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-10.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-10.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-7.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-7.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/tw/cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/tw/cis-7.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1404/tw/cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/tw/cis-7.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-10.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-10.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-2.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-2.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-2.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-2.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-4.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-4.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-4.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-4.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-6.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-6.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-6.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-6.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-9.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-9.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-9.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-9.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-10.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-10.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-7.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-7.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/rhels-6-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhels-6-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/rhels-6-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhels-6-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/rhels-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhels-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/rhels-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhels-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/rhelw-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhelw-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/rhelw-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhelw-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/ubuntu-1404-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/ubuntu-1404-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/ubuntu-1404-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/ubuntu-1404-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/ubuntu-1604-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/ubuntu-1604-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/ubuntu-1604-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/ubuntu-1604-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/windows-2008r2-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/windows-2008r2-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/windows-2008r2-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/windows-2008r2-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/windows-2012r2-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/windows-2012r2-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cis/windows-2012r2-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/windows-2012r2-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cve/scan-v1.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cve/scan-v1.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cve/scan-v2-salt.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v2-salt.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cve/scan-v2-salt.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v2-salt.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cve/scan-v2.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v2.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/cve/scan-v2.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v2.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/firewall/ssh.yaml' to resolve 'salt://hubblestack_nova/firewall/ssh.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/firewall/ssh.yaml' to resolve 'salt://hubblestack_nova/firewall/ssh.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/generate-yaml.sls' to resolve 'salt://hubblestack_nova/generate-yaml.sls'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/generate-yaml.sls' to resolve 'salt://hubblestack_nova/generate-yaml.sls'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/http_proxy/verify.yaml' to resolve 'salt://hubblestack_nova/http_proxy/verify.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/http_proxy/verify.yaml' to resolve 'salt://hubblestack_nova/http_proxy/verify.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/map.jinja' to resolve 'salt://hubblestack_nova/map.jinja'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/map.jinja' to resolve 'salt://hubblestack_nova/map.jinja'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/command.py' to resolve 'salt://hubblestack_nova/modules/command.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/command.py' to resolve 'salt://hubblestack_nova/modules/command.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/cve_scan.py' to resolve 'salt://hubblestack_nova/modules/cve_scan.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/cve_scan.py' to resolve 'salt://hubblestack_nova/modules/cve_scan.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/cve_scan_v2.py' to resolve 'salt://hubblestack_nova/modules/cve_scan_v2.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/cve_scan_v2.py' to resolve 'salt://hubblestack_nova/modules/cve_scan_v2.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/firewall.py' to resolve 'salt://hubblestack_nova/modules/firewall.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/firewall.py' to resolve 'salt://hubblestack_nova/modules/firewall.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/grep.py' to resolve 'salt://hubblestack_nova/modules/grep.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/grep.py' to resolve 'salt://hubblestack_nova/modules/grep.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/misc.py' to resolve 'salt://hubblestack_nova/modules/misc.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/misc.py' to resolve 'salt://hubblestack_nova/modules/misc.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/mount.py' to resolve 'salt://hubblestack_nova/modules/mount.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/mount.py' to resolve 'salt://hubblestack_nova/modules/mount.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/netstat.py' to resolve 'salt://hubblestack_nova/modules/netstat.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/netstat.py' to resolve 'salt://hubblestack_nova/modules/netstat.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/openssl.py' to resolve 'salt://hubblestack_nova/modules/openssl.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/openssl.py' to resolve 'salt://hubblestack_nova/modules/openssl.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/pkg.py' to resolve 'salt://hubblestack_nova/modules/pkg.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/pkg.py' to resolve 'salt://hubblestack_nova/modules/pkg.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/pkgng_audit.py' to resolve 'salt://hubblestack_nova/modules/pkgng_audit.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/pkgng_audit.py' to resolve 'salt://hubblestack_nova/modules/pkgng_audit.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/service.py' to resolve 'salt://hubblestack_nova/modules/service.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/service.py' to resolve 'salt://hubblestack_nova/modules/service.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/stat_nova.py' to resolve 'salt://hubblestack_nova/modules/stat_nova.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/stat_nova.py' to resolve 'salt://hubblestack_nova/modules/stat_nova.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/sysctl.py' to resolve 'salt://hubblestack_nova/modules/sysctl.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/sysctl.py' to resolve 'salt://hubblestack_nova/modules/sysctl.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/systemctl.py' to resolve 'salt://hubblestack_nova/modules/systemctl.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/systemctl.py' to resolve 'salt://hubblestack_nova/modules/systemctl.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/vulners_scanner.py' to resolve 'salt://hubblestack_nova/modules/vulners_scanner.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/vulners_scanner.py' to resolve 'salt://hubblestack_nova/modules/vulners_scanner.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_auditpol.py' to resolve 'salt://hubblestack_nova/modules/win_auditpol.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/win_auditpol.py' to resolve 'salt://hubblestack_nova/modules/win_auditpol.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_firewall.py' to resolve 'salt://hubblestack_nova/modules/win_firewall.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/win_firewall.py' to resolve 'salt://hubblestack_nova/modules/win_firewall.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_gp.py' to resolve 'salt://hubblestack_nova/modules/win_gp.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/win_gp.py' to resolve 'salt://hubblestack_nova/modules/win_gp.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_pkg.py' to resolve 'salt://hubblestack_nova/modules/win_pkg.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/win_pkg.py' to resolve 'salt://hubblestack_nova/modules/win_pkg.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_reg.py' to resolve 'salt://hubblestack_nova/modules/win_reg.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/win_reg.py' to resolve 'salt://hubblestack_nova/modules/win_reg.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_secedit.py' to resolve 'salt://hubblestack_nova/modules/win_secedit.py'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/modules/win_secedit.py' to resolve 'salt://hubblestack_nova/modules/win_secedit.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/network/smtp.yaml' to resolve 'salt://hubblestack_nova/network/smtp.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/network/smtp.yaml' to resolve 'salt://hubblestack_nova/network/smtp.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/network/ssh.yaml' to resolve 'salt://hubblestack_nova/network/ssh.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/network/ssh.yaml' to resolve 'salt://hubblestack_nova/network/ssh.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_cis.yaml' to resolve 'salt://hubblestack_nova/samples/sample_cis.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/samples/sample_cis.yaml' to resolve 'salt://hubblestack_nova/samples/sample_cis.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_command.yaml' to resolve 'salt://hubblestack_nova/samples/sample_command.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/samples/sample_command.yaml' to resolve 'salt://hubblestack_nova/samples/sample_command.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_control.yaml' to resolve 'salt://hubblestack_nova/samples/sample_control.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/samples/sample_control.yaml' to resolve 'salt://hubblestack_nova/samples/sample_control.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_firewall.yaml' to resolve 'salt://hubblestack_nova/samples/sample_firewall.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/samples/sample_firewall.yaml' to resolve 'salt://hubblestack_nova/samples/sample_firewall.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_openssl.yaml' to resolve 'salt://hubblestack_nova/samples/sample_openssl.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/samples/sample_openssl.yaml' to resolve 'salt://hubblestack_nova/samples/sample_openssl.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/stig/rhel-6-mac-1-classified.yaml' to resolve 'salt://hubblestack_nova/stig/rhel-6-mac-1-classified.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/stig/rhel-6-mac-1-classified.yaml' to resolve 'salt://hubblestack_nova/stig/rhel-6-mac-1-classified.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/test.sls' to resolve 'salt://hubblestack_nova/test.sls'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova/test.sls' to resolve 'salt://hubblestack_nova/test.sls'
[INFO    ] Caching directory 'hubblestack_nova_profiles/' for environment 'base'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/DB_HANA.yaml' to resolve 'salt://hubblestack_nova_profiles/DB_HANA.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/DB_HANA.yaml' to resolve 'salt://hubblestack_nova_profiles/DB_HANA.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/OS_Linux.yaml' to resolve 'salt://hubblestack_nova_profiles/OS_Linux.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/OS_Linux.yaml' to resolve 'salt://hubblestack_nova_profiles/OS_Linux.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/OS_Linux.yaml.bkp' to resolve 'salt://hubblestack_nova_profiles/OS_Linux.yaml.bkp'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/OS_Linux.yaml.bkp' to resolve 'salt://hubblestack_nova_profiles/OS_Linux.yaml.bkp'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/OS_Win.yaml' to resolve 'salt://hubblestack_nova_profiles/OS_Win.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/OS_Win.yaml' to resolve 'salt://hubblestack_nova_profiles/OS_Win.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/top.nova' to resolve 'salt://hubblestack_nova_profiles/top.nova'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/top.nova' to resolve 'salt://hubblestack_nova_profiles/top.nova'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/ubuntu-1404-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/ubuntu-1404-level-1-scored-v1-0-0.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path '/var/cache/salt/minion/files/base/hubblestack_nova_profiles/ubuntu-1404-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/ubuntu-1404-level-1-scored-v1-0-0.yaml'
[DEBUG   ] loading nova modules
[DEBUG   ] Error loading nova./modules/cve_scan.py: This module requires Linux and the oscap binary
[DEBUG   ] Error loading nova./modules/win_pkg.py: This audit module only runs on windows
[DEBUG   ] Error loading nova./modules/win_reg.py: This audit module only runs on windows
[DEBUG   ] Error loading nova./modules/win_firewall.py: This audit module only runs on windows
[DEBUG   ] Error loading nova./modules/win_auditpol.py: This audit module only runs on windows
[DEBUG   ] Error loading nova./modules/pkgng_audit.py: This audit module only runs on FreeBSD
[DEBUG   ] Error loading nova./modules/win_secedit.py: This audit module only runs on windows
[DEBUG   ] Error loading nova./modules/win_gp.py: This audit module only runs on windows
[DEBUG   ] LazyLoaded network.netstat
[DEBUG   ] Error loading nova./modules/openssl.py: The python-OpenSSL library is missing
[DEBUG   ] nova_kwargs: {'__pub_fun': 'hubble.audit', '__pub_jid': '20180316090854085545', '__pub_pid': 26592, '__pub_tgt': 'salt-call'}
[DEBUG   ] LazyLoaded cmd.run_all
[INFO    ] Executing command 'grep   ^ZONE= /etc/sysconfig/clock' in directory '/root'
[DEBUG   ] stdout: ZONE="America/New_York"
[INFO    ] Executing command 'grep   ^root:.: /etc/shadow' in directory '/root'
[DEBUG   ] retcode: 1
[INFO    ] Executing command 'grep   ^[^:]*:: /etc/shadow' in directory '/root'
[DEBUG   ] retcode: 1
[INFO    ] Executing command 'grep   ^PermitRootLogin /etc/ssh/sshd_config' in directory '/root'
[DEBUG   ] retcode: 1
[INFO    ] Executing command 'grep   ip_tables /proc/modules' in directory '/root'
[DEBUG   ] retcode: 1
[INFO    ] Executing command 'grep   ^[^#].*:ctlaltdel: /etc/inittab' in directory '/root'
[DEBUG   ] retcode: 1
[INFO    ] Executing command 'grep   ext3 /etc/fstab' in directory '/root'
[DEBUG   ] retcode: 1
[INFO    ] Executing command 'grep   ext3 /proc/mounts' in directory '/root'
[DEBUG   ] retcode: 1
[INFO    ] Executing command 'egrep -v '^#|^$|^Cmnd_Alias|^Defaults|^root|^ *%wheel' /etc/sudoers' in directory '/root'
[ERROR   ] Command 'egrep -v '^#|^$|^Cmnd_Alias|^Defaults|^root|^ *%wheel' /etc/sudoers' failed with return code: 1
[ERROR   ] output:
[INFO    ] Executing command 'daysago=$(date -d "30 days ago" +'%s') && yumlogtime=$(stat -c %Z /var/log/yum.log) && if [[ $yumlogtime < $daysago ]]; then echo yum not run recently; fi' in directory '/root'
[DEBUG   ] output:
[INFO    ] Executing command 'for i in $(egrep -v '^#|^$|^\{tmpfs|devpts|sysfs|proc\)|swap *swap' /etc/fstab | awk '{print $2}'); do mount | egrep -q " on $i " || echo "$i not found"; done' in directory '/root'
[DEBUG   ] output:
[INFO    ] Executing command '/usr/local/patchagent/patchservice status' in directory '/root'
[ERROR   ] Command '/usr/local/patchagent/patchservice status' failed with return code: 127
[ERROR   ] output: /bin/bash: /usr/local/patchagent/patchservice: No such file or directory
[INFO    ] Executing command 'vgs --separator : $(ls -l /dev/mapper | grep $(basename $(grep -v Filename /proc/swaps | awk "{print \$1}")) | awk "{print \$(NF-2)}" | sed "s/-.*//")' in directory '/root'
[DEBUG   ] output:   VG:#PV:#LV:#SN:Attr:VSize:VFree
  vg_root:1:2:0:wz--n-:15.51g:0
[INFO    ] Executing command 'vmware-toolbox-cmd upgrade status' in directory '/root'
[ERROR   ] Command 'vmware-toolbox-cmd upgrade status' failed with return code: 69
[ERROR   ] output: VMware Tools are up-to-date.
[INFO    ] Executing command 'lvs' in directory '/root'
[DEBUG   ] output:   LV      VG      Attr       LSize  Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  lv_root vg_root -wi-ao---- 13.91g
  lv_swap vg_root -wi-ao----  1.60g
[INFO    ] Executing command 'for i in $(mount | egrep -v '^none|^gvfs' | awk '{print $3}'); do egrep -q "\s$i\s" /etc/fstab || echo $i not found; done' in directory '/root'
[DEBUG   ] output:
[DEBUG   ] os_version: 6.9, os_name: redhat
[DEBUG   ] LazyLoaded file.stats
[ERROR   ] Exception occurred in nova module:
[ERROR   ] Traceback (most recent call last):
  File "/var/cache/salt/minion/extmods/modules/hubble.py", line 286, in _run_audit
    ret = func(data_list, tags, **kwargs)
  File "/var/cache/salt/minion/files/base/hubblestack_nova/modules/stat_nova.py", line 101, in audit
    salt_ret = __salt__['file.stats'](name)
  File "/usr/lib/python2.7/site-packages/salt/modules/file.py", line 3375, in stats
    raise CommandExecutionError('Path not found: {0}'.format(path))
CommandExecutionError: Path not found: /usr/local/patchagent/patchservice

[DEBUG   ] LazyLoaded pkg.version
[INFO    ] Executing command ['rpm', '-qa', '--queryformat', '%{NAME}_|-%{EPOCH}_|-%{VERSION}_|-%{RELEASE}_|-%{ARCH}_|-(none)'] in directory '/root'
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('/etc/salt/pki/minion', 'pj-rhel6-sensoring.lab04.local', 'tcp://10.100.252.114:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('/etc/salt/pki/minion', 'pj-rhel6-sensoring.lab04.local', 'tcp://10.100.252.114:4506')
[DEBUG   ] LazyLoaded nested.output
local:
    ----------
    Compliance:
        68%
    Errors:
        |_
          ----------
          /modules/stat_nova.py:
              ----------
              data:
                  CommandExecutionError: Path not found: /usr/local/patchagent/patchservice
              error:
                  exception occurred
    Failure:
        |_
          ----------
          OS_Linux_v12-02:
              Ensure timezone is set correctly
        |_
          ----------
          OS_Linux_v12-15:
              SSH Root login disabled
        |_
          ----------
          OS_Linux_v12-16:
              Ensure iptables modules are loaded
        |_
          ----------
          OS_Linux_v12-10:
              Ensure sudoers file has non-default commands added to it
        |_
          ----------
          OS_Linux_v12-03:
              Ensure patchagent services are running
        |_
          ----------
          OS_Linux_v12-05:
              Ensure swap volume is on separate disk
    Success:
        |_
          ----------
          OS_Linux_V12-11:
              Root passwd should be set
        |_
          ----------
          OS_Linux_v12-13:
              No blank passwords allowed
        |_
          ----------
          OS_Linux_v12-18:
              Ensure ctl-alt-del is disabled
        |_
          ----------
          OS_Linux_v12-09:
              No ext3 partitions should be in fstab
        |_
          ----------
          OS_Linux_v12-09:
              No ext3 partitions should be mounted
        |_
          ----------
          OS_Linux_v12-04:
              Patching up to date (yum.log less than 30 days old)
        |_
          ----------
          OS_Linux_check_fstab:
              Ensure fstab filesystems are mounted
        |_
          ----------
          OS_Linux_v12-17:
              Ensure vmware tools is up to date
        |_
          ----------
          OS_Linux_v12-08:
              Ensure logical volumes have been created
        |_
          ----------
          OS_Linux_check_mounts:
              Ensure mounted filesystems are in fstab
        |_
          ----------
          OS_Linux_v12-10:
              Ensure sudo is installed
        |_
          ----------
          OS_Linux_v12-08:
              Ensure lvm2 is installed
        |_
          ----------
          OS_Linux_v12-16:
              Ensure iptables is installed
[root@pj-rhel6-sensoring ~]#
basepi commented 6 years ago

Thanks. I didn't have time to investigate this today, but I should tomorrow.

basepi commented 6 years ago

Fixed in https://github.com/hubblestack/hubble/pull/315

sam0104 commented 6 years ago

Can I take the latest files for hubble from master branch and test or just replacing stat_nova.py from feature branch https://github.com/anuragpaliwal80/hubble/blob/42fe7046dd2d1c3dc75a4930dc24fcc9b9f3c6c3/hubblestack/files/hubblestack_nova/stat_nova.py under hubblestack_nova/modules/ should work fine ?

basepi commented 6 years ago

I just realized we haven't ported this fix to hubble-salt, it's just in hubble. Taking the file by itself should work, but I'm not 100% sure. I need to do some serious porting work before our next release.

sam0104 commented 6 years ago

I tried to copy the module file and replaced with old one. Then tried salt '' saltutil.sync_all and salt '' hubble.sync but still have same error while running again RHEL6

basepi commented 6 years ago

Hmm. That's odd. I can't imagine how that could happen unless you were hitting a race condition where the file were there at the if statement but was gone before the stat ran: https://github.com/hubblestack/hubble/blob/2a0f548d280d970b57702aa04289736789301b09/hubblestack/files/hubblestack_nova/stat_nova.py#L109-L110

Can you check the cached file on the minion to make sure the change made it? /var/cache/salt/minion/files/base/hubblestack_nova/stat_nova.py I think should be the path.

sam0104 commented 6 years ago

It is working by just replacing the stat_nova.py file under hubblestack_nova/ . I need to run below commands before trying hubble.audit

salt '' saltutil.clear_cache salt '' saltutil.sync_all salt '*' hubble.sync

Thanks

basepi commented 6 years ago

Theoretically it should work without the explicit cache clear. I wonder if something odd is going on with your fileserver config.....

In any case, I'm glad that the fix worked. Now I just need to clean up hubble-salt and port over all the latest changes.

sam0104 commented 6 years ago

One more issue found with new environment setup. While I already run clear_cache , sync_all and hubble.sync after copying latest module files still /var/cache/salt/minion/files/base/hubblestack_nova/stat_nova.py has old file .

sam0104 commented 6 years ago

Could you please confirm the source from where /var/cache/salt/minion/files/base/hubblestack_nova is being copied. I tried to delete the /var/cache/salt/minion/files/base directory and then run sync_all , hubble.sync still it was copying old module files which are not part of formulas/hubblestack_nova . For resolving the issue I just re-image the OS and copy new modules files . After that it started working . It seems /var/cache/salt/minion/files/base is taking or keeping old files and not always sync .

basepi commented 6 years ago

I still think this may be a fileserver issue.

/var/cache/salt/minion/files/base is populated whenever a minion caches a file from the master. It hashes the file, sends that hash to the master, which compares it to the latest version in the fileserver. Only if it has a different version does it send a new one.

Can you share your fileserver_backend setting on your master and any file_roots or gitfs_remotes settings? It may be that you have a source for that file that you're not expecting in your fileserver.

basepi commented 6 years ago

(Basically, /var/cache/salt/minion/files/base/hubblestack_nova is never explicitly populated by a hubble module. Rather, we call cp.cache_dir and let salt handle it. You're running into a salt issue, not a hubble one)

sam0104 commented 6 years ago

Here file the configurations from /etc/salt/master

#fileserver_backend:
#  - roots

#gitfs_remotes:
#  - git://github.com/saltstack/salt-states.git
#  - file:///var/git/saltmaster
#

file_roots:
  base:
    - /srv/formulas
    - /srv/salt

pillar_roots:
  base:
    - /srv/pillar
basepi commented 6 years ago

I edited your comment with triple backticks for code readability.

I don't see anything hubble-related in that configuration. Also, it looks like the lines you included from /etc/salt/master are commented out?

Where is hubble-salt installed/included?

sam0104 commented 6 years ago

hubble is installed as formula under /srv/formula.

file_roots: base:

basepi commented 6 years ago

OK, and gitfs is not enabled, correct? Can you show me salt-call config.get fileserver_backend on the minion in question?