New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Node information sent to Compliance after first audit run are not accurate #40

Closed
chef09210 opened this Issue May 6, 2016 · 5 comments

Comments

Projects
None yet
4 participants
@chef09210

chef09210 commented May 6, 2016

Cookbook version

0.6.0

Chef-client version

12.9.38-1

Platform Details

Windows 7 Enterprise

Scenario:

When a Windows node initiates a chef-client run with the audit cookbook, certain information is sent back to Chef Compliance such as hostname/IP and WinRM account. However the hostname/IP field is not filled in and WinRM account name is listed as Administrator even though node is a domain account with a domain administrative account. This prevents reconnection to the node until this information is entered in manually.

Steps to Reproduce:

Run the audit cookbook for the first time on a Win7 client. View the node information result in Chef Compliance after the chef-client run is complete.

Expected Result:

Hostname/IP of machine and account used to run chef-client command remotely through winrm should be sent back to Chef Compliance and listed in the node details on Chef Compliance page.

Actual Result:

Hostname/IP field is empty and account is listed as generic Administrator

@chris-rock chris-rock added the bug label May 11, 2016

@yvovandoorn

This comment has been minimized.

yvovandoorn commented May 13, 2016

Is this because when you use the audit cookbook, its actually using the Chef client keys.

So it is node -> chef server -> chef compliance

node -> chef server is handled by the client.pem file on the machine via HTTPS to Server
chef server -> chef compliance is handled by the integration between server & compliance.

I wouldn't expect the username and password that Chef Client ran as to populate in Compliance, however it should provide the ability to scan / provide information to scan from within compliance.

@chef09210

This comment has been minimized.

chef09210 commented May 16, 2016

The ability to scan/provide information to scan from within Compliance doesn't exist because the parameters used to connect to the node (via winrm) are not filled in properly/at all

Even disregarding the username/password, the hostname/ip should populate in Compliance which it is not doing either.

@chris-rock

This comment has been minimized.

Collaborator

chris-rock commented May 17, 2016

@chef09210 Thanks for reporting. We are aware, that this is not working as expected. This will be fixed within one of the next releases.

@tas50 tas50 removed the bug label Aug 2, 2016

@chris-rock

This comment has been minimized.

Collaborator

chris-rock commented Nov 2, 2016

@chef09210 We refactored the audit cookbook to make it easier to maintain and improve the quality. Is that issues still persistent with the version 2.0 of the audit cookbook.

We retrieve the information from Chef
https://github.com/chef-cookbooks/audit/blob/master/files/default/audit_report.rb#L105-L116

@chris-rock

This comment has been minimized.

Collaborator

chris-rock commented Nov 3, 2016

@chef09210 I am going to close this issue. Please reopen if the issue persists with audit cookbook version 2

@chris-rock chris-rock closed this Nov 3, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment