Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[devsec.hardening.os_hardening : restart-auditd] fails #698

Closed
tzumby opened this issue Oct 5, 2023 · 2 comments
Closed

[devsec.hardening.os_hardening : restart-auditd] fails #698

tzumby opened this issue Oct 5, 2023 · 2 comments
Labels

Comments

@tzumby
Copy link

tzumby commented Oct 5, 2023

Description

Running the os_hardening in Ubuntu 20.04 throws this error when it gets to the auditd handler. I checked the handler file and it looks like it still uses a service restart auditd, shouldn't that be distro specific ?

RUNNING HANDLER [devsec.hardening.os_hardening : restart-auditd] ******************************************************************************
fatal: [10.7.9.98]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ansible.legacy.command) module: warn. Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends."}

Reproduction steps

This is a vanilla os-hardening inclusion in a playbook that doesn't run anything else. I think running this against any Ubuntu 20.04 would reproduce

Current Behavior

The task fails

Expected Behavior

Handler successfully restarts auditd

OS / Environment

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.6 LTS"

Ansible Version

ansible [core 2.15.2]
  config file = None
  configured module search path = ['/Users/tzumby/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/Cellar/ansible/8.2.0_2/libexec/lib/python3.11/site-packages/ansible
  ansible collection location = /Users/tzumby/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.11.4 (main, Jul 25 2023, 17:35:35) [Clang 14.0.0 (clang-1400.0.29.202)] (/opt/homebrew/Cellar/ansible/8.2.0_2/libexec/bin/python)
  jinja version = 3.1.2
  libyaml = True

Collection Version

dev-sec.os-hardening, 6.2.0

Additional information

...

@tzumby tzumby added the bug label Oct 5, 2023
@rndmh3ro
Copy link
Member

rndmh3ro commented Oct 5, 2023

@rndmh3ro
Copy link
Member

rndmh3ro commented Oct 6, 2023

I just noticed that we already did this some time ago here: ade6dee

So you're going to have to use a more recent collection version.

@rndmh3ro rndmh3ro closed this as completed Oct 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants