Additional Ansible Scripts #2134
…securetty_root_login_console_only.yml
@shawndwells I am 99% sure it's because that fix is getting pulled into RHEL5 and RHEL5 doesn't have the Value that that script is using.
dest: /etc/audit/auditd.conf | ||
regexp: '.*flush.*' | ||
line: flush = data | ||
notify: reload auditd |
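Review bot: The `regexp: '.*flush.*'` pattern is unanchored, so it matches any line that merely contains "flush", including a commented-out one, and lineinfile will rewrite whichever such line it matches last. Anchoring it to the directive itself, for example `^\s*flush\s*=`, keeps the edit on the actual setting. The `notify: reload auditd` line also depends on a handler with that exact name being defined in the play that includes this task.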
will this work as is or do we need ansible handlers defined for this?
@mpreisler: shoot, you're right. I can take the notify out for now... how would we create handlers?
let's comment it or something so that we can grep for it when we implement handlers
@mpreisler - Done! Thanks.
@@ -9,7 +9,8 @@ | |||
dest: /etc/ssh/sshd_config | |||
regexp: "^Protocol [0-9]" | |||
line: "Protocol 2" | |||
notify: | |||
validate: sshd -t -f %s | |||
#notify: | |||
- reload ssh |
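Review bot: On the `#notify:` line only the key is commented out; the `- reload ssh` item below it is still active, which leaves a list item with no parent key inside the task mapping and makes the file fail to parse. Comment out `- reload ssh` as well, or drop both lines, until the handler exists.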
needs to be commented as well
On 7/13/17 3:14 PM, Martin Preisler wrote:
@shawndwells <https://github.com/shawndwells>
$ sudo ansible-playbook --check ./ssg-rhel7-role-ospp-rhel7.yml
[WARNING]: provided hosts list is empty, only localhost is available
ERROR! Syntax Error while loading YAML. The error appears to have been
in
'/home/mpreisle/d/scap-security-guide/build/roles/ssg-rhel7-role-ospp-rhel7.yml':
line 2801, column 9, but may be elsewhere in the file depending on the
exact syntax problem. The offending line appears to be: #notify: -
reload ssh ^ here
Ugh. I did a sed s/notify/#notify/r thinking I had everything on one
line. Looks like I missed sshd_allow_only_protocol2.
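The failure described in the comment above (a line-oriented `sed` comments out `notify:` while the list item on the following line stays active) can be caught before merge with a small check. This is an added example, not part of the original comment or the project's code; the task names in the sample, the `LIST_KEYS` set and the function name are assumptions.

```python
import re
import sys

# Task keywords that commonly hold a YAML list (assumed set; extend as needed).
LIST_KEYS = {"notify", "tags", "when", "with_items"}
# A commented-out key with nothing after the colon, e.g. "  #notify:".
COMMENTED_KEY = re.compile(r"^(\s*)#\s*([A-Za-z_]\w*):\s*$")
# An active (uncommented) list item, e.g. "    - reload ssh".
LIST_ITEM = re.compile(r"^(\s*)-\s+\S")

def find_orphaned_items(text, keys=LIST_KEYS):
    """Return (line_no, key, item) for each active list item under a commented-out key."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        key = COMMENTED_KEY.match(line)
        if not key or key.group(2) not in keys:
            continue
        key_indent = len(key.group(1))
        for j in range(i + 1, len(lines)):
            if not lines[j].strip():
                continue  # blank lines do not end the block
            item = LIST_ITEM.match(lines[j])
            # Items indented at or past the key belonged to it; anything else ends the block.
            if not item or len(item.group(1)) < key_indent:
                break
            findings.append((j + 1, key.group(2), lines[j].strip()))
    return findings

# Constructed sample modelled on the two tasks discussed in this thread.
SAMPLE = """\
- name: Allow only SSH protocol 2
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^Protocol [0-9]"
    line: "Protocol 2"
    validate: sshd -t -f %s
  #notify:
    - reload ssh
- name: Set auditd flush
  lineinfile:
    dest: /etc/audit/auditd.conf
    regexp: '.*flush.*'
    line: flush = data
  #notify: reload auditd
"""

if __name__ == "__main__":
    texts = [(p, open(p).read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    hits = [(n, f) for n, t in texts for f in find_orphaned_items(t)]
    for name, (line_no, key, item) in hits:
        print(f"{name}:{line_no}: '{item}' left active under commented-out '{key}:'")
    sys.exit(1 if hits else 0)
```

The single-line `#notify: reload auditd` form is not flagged because the whole key and value sit on one commented line.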
…uide into more_ansible
Thx, the conflict is very minor, I will merge this manually.
Can't merge this, still get issues:
There are a bunch of syntax errors. Is key=value allowed in your version of ansible, @shawndwells? It isn't on the ansible shipping on Fedora. Probably also disallowed on RHEL.
@shawndwells very briefly looked into this and the issue is that you are mixing 2 syntaxes together. They are both allowed but you can't mix them in one item.
Conflicts: shared/templates/static/ansible/sshd_use_priv_separation.yml
I'm getting an error on the playbooks:
Which is from ensure_redhat_gpgkey_installed.yml:6:
However there is another use of
I'm staring at these. Attempted to remove
@shawndwells did you uncomment the "hosts" line in the
@shawndwells I don't get syntax errors here.
I would merge this if you didn't mention you get the
Merging this, we can improve it further with other PRs.
Beginning:
*** rules of 'ospp-rhel7' profile missing a ansible fix script: 193 of 357 [45% complete]
After:
*** rules of 'ospp-rhel7' profile missing a ansible fix script: 171 of 357 [52% complete]