Describe the bug
Tested against chef-os-hardening.
Expected behavior
Tests should pass.
Actual behavior
Tests fail.
$ kitchen verify
-----> Starting Kitchen (v1.24.0)
-----> Verifying <default-amazon2-2018>...
[2019-01-28T16:29:48+00:00] WARN: URL target https://github.com/dev-sec/linux-baseline transformed to https://github.com/dev-sec/linux-baseline/archive/master.tar.gz. Consider using the git fetcher
Loaded linux-baseline
Profile: DevSec Linux Security Baseline (linux-baseline)
Version: 2.2.2
Target: ssh://ec2-user@ec2-52-210-177-37.eu-west-1.compute.amazonaws.com:22
<tests passing...>
✔ package-07: Install syslog server package
✔ System Package rsyslog should be installed
× package-08: Install auditd (1 failed)
✔ System Package audit should be installed
✔ Audit Daemon Config log_file should cmp == "/var/log/audit/audit.log"
✔ Audit Daemon Config log_format should cmp == "raw"
✔ Audit Daemon Config flush should match /^INCREMENTAL|INCREMENTAL_ASYNC$/
× Audit Daemon Config max_log_file_action should cmp == "keep_logs"
expected: "keep_logs"
got: "ROTATE"
(compared using `cmp` matcher)
✔ Audit Daemon Config space_left should cmp == 75
✔ Audit Daemon Config action_mail_acct should cmp == "root"
✔ Audit Daemon Config space_left_action should cmp == "SYSLOG"
✔ Audit Daemon Config admin_space_left should cmp == 50
✔ Audit Daemon Config admin_space_left_action should cmp == "SUSPEND"
✔ Audit Daemon Config disk_full_action should cmp == "SUSPEND"
✔ Audit Daemon Config disk_error_action should cmp == "SUSPEND"
✔ package-09: CIS: Additional process hardening
<tests passing...>
Profile Summary: 52 successful controls, 1 control failure, 1 control skipped
Test Summary: 124 successful, 1 failure, 1 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>> Verify failed on instance <default-amazon2-2018>. Please see .kitchen/logs/default-amazon2-2018.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration
aws-runas.main 2019/01/28 16:30:07 [CRIT] ▶ exit status 20
Example code
Policy File
# Policyfile.rb - Describe how you want Chef to build your system.
#
# For more information on the Policyfile feature, visit
# https://docs.chef.io/policyfile.html
# A name that describes what the system you're building with Chef does.
name "base-ami"
# This lets you source cookbooks from your chef-repo.
default_source :chef_repo, "cookbooks"
# Where to find external cookbooks:
default_source :supermarket
# run_list: chef-client will run these recipes in the order specified.
run_list "os-hardening"
cookbook "os-hardening"
# Specify a custom source for a single cookbook:
# cookbook 'example_cookbook', path: '../cookbooks/example_cookbook'
.kitchen.yml
---
driver:
  name: ec2
  region: eu-west-1
  instance_type: t2.micro
  shared_credentials_profile: <profile>
  iam_profile_name: <iam_profile_name>
  tags:
    Name: KitchenEC2-Base-AMI
    created-by: kitchen-ec2
provisioner:
  name: chef_zero
  always_update_cookbooks: true
verifier:
  name: inspec
platforms:
  - name: amazon2-2018
suites:
  - name: default
    verifier:
      inspec_tests:
        - supermarket://dev-sec/linux-baseline
OS / Environment
Inspec Version
$ inspec --version
3.2.6
Your version of InSpec is out of date! The latest version is 3.3.14.
Baseline Version
Additional context
Using the kitchen-ec2 test driver.