Added fedora support #206

Merged
merged 6 commits into from Jan 13, 2019

jonaswre
Contributor

Added to version check "|int" so jinja2 will do proper int comparison
Added failed_when to "activate gpg-check for yum-repos" because yum.conf is replaced in newer fedora versions. Task only fails if error is not "file doesn't exists"
Signed-off-by: Jonas Wrede jonwrede@users.noreply.github.com

Added to version check "|int" so jinja2 will do proper int comparison
Added failed_when to "activate gpg-check for yum-repos" because yum.conf is replaced in newer fedora versions.
    Task only fails if error is not "file doesn't exists"
Signed-off-by: Jonas Wrede <jonwrede@users.noreply.github.com>
This was referenced Jan 10, 2019
@jonaswre jonaswre changed the title Added proper fedora support Added fedora support Jan 10, 2019
tasks/pam.yml Outdated
@@ -71,14 +71,14 @@
yum:
name: '{{ os_packages_pam_cracklib }}'
state: 'absent'
when: (ansible_os_family == 'RedHat' and ansible_distribution_version < '7' and not ansible_distribution == 'Amazon')
when: (ansible_os_family == 'RedHat' and ansible_distribution_version | int < 7 and not ansible_distribution == 'Amazon')
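
Review bot: On the new `when:` line, `ansible_distribution_version | int` is unsafe for multi-part version strings. Jinja2's `int` filter returns its default of 0 when the value cannot be parsed as a number, so a version such as '7.6.1810' (a constructed example) becomes 0, the `< 7` test passes, and the cracklib package removal would run on a release 7 host. Use a version-aware comparison as suggested in the review reply, or cast `ansible_distribution_major_version` rather than the full version string.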

You may as well use the version_compare filter which is designed for this:

when: (ansible_os_family == 'RedHat' and ansible_distribution_version | version_compare('7', '<') and not ansible_distribution == 'Amazon')

Contributor Author

Okay, will do; didn't know there was such a thing.

Signed-off-by: Jonas Wrede <jonas.wrede@student.fh-kiel.de>
Signed-off-by: Jonas Wrede <jonas.wrede@student.fh-kiel.de>
@@ -27,8 +27,11 @@
dest: '{{ item }}'
regexp: '^\s*gpgcheck: 0'
replace: 'gpgcheck: 1'
register: status
failed_when: status.rc is defined and status.rc != 257
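
Review bot: The `failed_when: status.rc is defined and status.rc != 257` line relies on an unexplained magic number, and it also suppresses every failure that does not set `rc` at all, so errors other than a missing file can pass silently on a task that enforces GPG checking. Add a comment stating that 257 is the result tolerated when the file does not exist, and consider narrowing the condition so that a failure without `rc` still fails the task.
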
Member

Cool idea! Can you add a comment here indicating what it does?

Signed-off-by: Jonas Wrede <jonas.wrede@student.fh-kiel.de>
Signed-off-by: Jonas Wrede <jonas.wrede@student.fh-kiel.de>
@jonaswre
Contributor Author

@rndmh3ro I saw you have a Fedora image on your Docker Hub, but I'm not sure which value is needed for run_opts

@jonaswre jonaswre closed this Jan 11, 2019
@jonaswre jonaswre reopened this Jan 11, 2019
Signed-off-by: Jonas Wrede <jonas.wrede@student.fh-kiel.de>
@rndmh3ro
Member

I saw you have a Fedora image on your Docker Hub, but I'm not sure which value is needed for run_opts

The ones you used are fine. However in the fedora-image no python is installed... I have to fix this (or you can create a PR, if you want to)

@rndmh3ro
Member

Hey @jonwrede, the ansible run is working now, however there seems to be another problem here...

@jonaswre
Contributor Author

jonaswre commented Jan 11, 2019

@rndmh3ro it seems to be a Docker/Travis error. Maybe the run_opts is wrong. I can confirm that the error doesn't happen on a fresh Fedora 29 install on a dedicated machine.

In CentOS that task is skipped. And the default value of os_security_suid_sgid_remove_from_unknown is false, but in test.yml it's set to true

@rndmh3ro rndmh3ro merged commit 80f552b into dev-sec:master Jan 13, 2019
@rndmh3ro
Member

The problem was that on the docker-image not only python was missing, but also the find-utility as well as sysctl. I fixed this in master.

Thanks for your efforts!

divialth pushed a commit to divialth/ansible-collection-hardening that referenced this pull request Aug 3, 2022