Add a "don't fail on error" switch ? #148

Closed
rgarrigue opened this issue Oct 6, 2017 · 4 comments
@rgarrigue
Contributor

Hello

I just added this role as a dependency of my role and ended up removing it since it's breaking my playbook, especially my "molecule test". Logs are below.

    TASK [dev-sec.os-hardening : change su-binary to only be accessible to user and group root] ***
    fatal: [molecule-docker-gitlab-amazonlinux-2017.03]: FAILED! => {"changed": false, "failed": true, "msg": "file (/bin/su) is absent, cannot continue", "path": "/bin/su", "state": "absent"}
    fatal: [molecule-docker-gitlab-amazonlinux-2017.09]: FAILED! => {"changed": false, "failed": true, "msg": "file (/bin/su) is absent, cannot continue", "path": "/bin/su", "state": "absent"}
    changed: [molecule-docker-gitlab-centos-7]

As for me, I wish those lineinfile / ownership / mod checks could be ignored if files are missing, hence no security trouble there.

@rndmh3ro
Member

rndmh3ro commented Oct 7, 2017

Hey @rgarrigue, rather than ignoring errors, I'd like to fix those errors so they don't happen in the first place.

I guess this happens because /bin/su is a symlink to /usr/bin/su or some other path.
Can you tell me what operating system you're using (if you're on AWS, tell me the AMI, or if you use Docker, tell me the container), please?

rndmh3ro added the bug label Oct 7, 2017

@rgarrigue
Contributor Author

rgarrigue commented Oct 7, 2017 via email

@rgarrigue
Contributor Author

Hi there. Coming to this role again 2 years later, I see a forgotten issue.

This is no longer relevant to me. Can be closed as far as I'm concerned.

@rndmh3ro
Member

Sorry, yeah, totally forgot. :/

Thanks for remembering though!
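
One way to handle the missing `/bin/su` case from this thread without a blanket `ignore_errors`, as an added example that is not part of the original discussion and not the role's own code. The candidate path list, the variable name `su_candidates` and the mode `0750` are assumptions.

```yaml
# Added example: guard the permission change with a stat lookup so hosts
# without su are skipped, while real errors (wrong owner, read-only
# filesystem, ...) still fail the play.
- name: Restrict su where it exists
  hosts: all
  become: true
  vars:
    su_candidates:          # assumed locations, adjust per distribution
      - /bin/su
      - /usr/bin/su
  tasks:
    - name: Look up each candidate su path
      ansible.builtin.stat:
        path: "{{ item }}"
        follow: false       # report a symlink as a symlink, not its target
      loop: "{{ su_candidates }}"
      register: su_stat

    - name: Change su-binary to only be accessible to user and group root
      ansible.builtin.file:
        path: "{{ item.item }}"
        owner: root
        group: root
        mode: "0750"        # assumed mode, not taken from the role
      loop: "{{ su_stat.results }}"
      loop_control:
        label: "{{ item.item }}"
      when:
        - item.stat.exists                  # absent file: skip, do not fail
        - item.stat.isreg | default(false)  # skip symlinks; the target is handled on its own path
```

Skipped items show up as `skipping` in the play output, so a host where no candidate matched remains visible in the run log instead of being silently ignored.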

rndmh3ro added a commit that referenced this issue Jul 24, 2020
divialth pushed a commit to divialth/ansible-collection-hardening that referenced this issue Aug 3, 2022