You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
TASK [ansible-os-hardening : Change various sysctl-settings on rhel-hosts, look at the sysctl-vars file for documentation] ***
task path: /home/felis/ansible/roles/ansible-os-hardening/tasks/sysctl.yml:28
[DEPRECATION WARNING]: Using bare variables is deprecated. Update your playbooks so that the environment value uses the full variable syntax ('{{sysctl_rhel_config}}'). This feature will be
removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
failed: [localhost] => (item={'value': 1, 'key': u'kernel.exec-shield'}) => {"failed": true, "item": {"key": "kernel.exec-shield", "value": 1}, "msg": "setting kernel.exec-shield failed: sysctl: cannot stat /proc/sys/kernel/exec-shield: No such file or directory\n"}
Some searching suggests that RHEL 7 has disallowed modification to exec-shield and is enabled by default.
The text was updated successfully, but these errors were encountered:
The solution here is proper use of the ignoreerrors parameter on the sysctl tasks. Looks like the sysctl_set parameter, which validates key/value pairs prior to writing, overrides the ignoreerrors parameter. We can conservatively fix the ignoreerrors handling only on the RHEL-specific sysctl options.
Some searching suggests that RHEL 7 has disallowed modification to exec-shield and is enabled by default.
The text was updated successfully, but these errors were encountered: