Node information sent to Compliance after first audit run is not accurate #40

Closed
chef09210 opened this issue May 6, 2016 · 5 comments

Comments

@chef09210

chef09210 commented May 6, 2016

Cookbook version

0.6.0

Chef-client version

12.9.38-1

Platform Details

Windows 7 Enterprise

Scenario:

When a Windows node initiates a chef-client run with the audit cookbook, certain information is sent back to Chef Compliance, such as hostname/IP and WinRM account. However, the hostname/IP field is not filled in and the WinRM account name is listed as Administrator even though the node is a domain account with a domain administrative account. This prevents reconnection to the node until this information is entered manually.

Steps to Reproduce:

Run the audit cookbook for the first time on a Win7 client. View the node information result in Chef Compliance after the chef-client run is complete.

Expected Result:

Hostname/IP of the machine and the account used to run the chef-client command remotely through WinRM should be sent back to Chef Compliance and listed in the node details on the Chef Compliance page.

Actual Result:

Hostname/IP field is empty and the account is listed as generic Administrator.

@chris-rock chris-rock added the bug label May 11, 2016
@yvovandoorn

Is this because when you use the audit cookbook, it's actually using the Chef client keys?

So it is node -> chef server -> chef compliance

node -> chef server is handled by the client.pem file on the machine via HTTPS to the server.
chef server -> chef compliance is handled by the integration between server & compliance.

I wouldn't expect the username and password that Chef Client ran as to populate in Compliance; however, it should provide the ability to scan / provide information to scan from within Compliance.

@chef09210
Author

chef09210 commented May 16, 2016

The ability to scan/provide information to scan from within Compliance doesn't exist because the parameters used to connect to the node (via WinRM) are not filled in properly/at all.

Even disregarding the username/password, the hostname/IP should populate in Compliance, which it is not doing either.

@chris-rock
Contributor

@chef09210 Thanks for reporting. We are aware that this is not working as expected. This will be fixed within one of the next releases.

@tas50 tas50 removed the bug label Aug 2, 2016
@chris-rock
Contributor

@chef09210 We refactored the audit cookbook to make it easier to maintain and improve the quality. Is that issue still persistent with version 2.0 of the audit cookbook?

We retrieve the information from Chef:
https://github.com/chef-cookbooks/audit/blob/master/files/default/audit_report.rb#L105-L116

@chris-rock
Contributor

@chef09210 I am going to close this issue. Please reopen if the issue persists with audit cookbook version 2.
