Idempotence test failed #14

Closed
florianutz opened this issue May 23, 2018 · 1 comment

@florianutz
Owner

ERROR: Idempotence test failed because of the following tasks:

  • [instance] => Ubuntu1604-CIS : SCORED | 1.1.1.4 | PATCH | Ensure mounting of hfs filesystems is disabled
  • [instance] => Ubuntu1604-CIS : SCORED | 1.1.1.5 | PATCH | Ensure mounting of hfsplus filesystems is disabled
  • [instance] => Ubuntu1604-CIS : NOTSCORED | 4.3 | PATCH | Ensure logrotate.conf exists
florianutz added a commit that referenced this issue May 23, 2018
- update for 4.3: state: touch always returns a "modified" and
 the idempotence test will fail. bad workaround changed_when: false

- resolve #14
@florianutz
Owner Author

fixed
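
The failure on rule 4.3 and the `changed_when: false` workaround from the commit above, next to two ways to make the task idempotent without masking its result. This is an added example, not code from the repository; the task names and the `/etc/logrotate.conf` path are assumptions, and Option B needs Ansible 2.7 or later.

```yaml
# Added example; task names and the /etc/logrotate.conf path are assumptions.

# Before: "state: touch" updates the file's timestamps on every run, so the
# task reports "changed" each time and the idempotence test fails.
- name: "NOTSCORED | 4.3 | PATCH | Ensure logrotate.conf exists (non-idempotent)"
  file:
    path: /etc/logrotate.conf
    state: touch

# Workaround from the commit: always report "ok". The test passes, but the
# run in which the file really was created is also reported as unchanged.
- name: "NOTSCORED | 4.3 | PATCH | Ensure logrotate.conf exists (masked)"
  file:
    path: /etc/logrotate.conf
    state: touch
  changed_when: false

# Option A (any Ansible version): check first, touch only when missing.
- name: "NOTSCORED | 4.3 | AUDIT | Check whether logrotate.conf exists"
  stat:
    path: /etc/logrotate.conf
  register: logrotate_conf

- name: "NOTSCORED | 4.3 | PATCH | Create logrotate.conf if missing"
  file:
    path: /etc/logrotate.conf
    state: touch
  when: not logrotate_conf.stat.exists

# Option B (Ansible >= 2.7): keep the existing timestamps, so touching an
# existing file changes nothing and only a real creation reports "changed".
- name: "NOTSCORED | 4.3 | PATCH | Ensure logrotate.conf exists (idempotent)"
  file:
    path: /etc/logrotate.conf
    state: touch
    modification_time: preserve
    access_time: preserve
```

With either option the first run on a host without the file reports "changed" and later runs report "ok", so the hardening report still shows when a remediation actually happened.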

florianutz added a commit that referenced this issue Jun 6, 2018
* cleanup files and folders

* updated hardening tasks
audit tasks enhancements
some bugfix

* bugfix variables

* update defaults

* update licensefile

* update gitignore

* added missing tags to 6.2.6

* added handler load audit rules

* Dev2 (#12)

* Moving the needle on implementation

- Added scored or notscored to all rule plays.
- Added rule tags to all rules (I think)
- Added 5.5 and 5.6 to defaults/main.yml
- added section tags to tasks/main.yml for easy section testing
- cleaned up tasks/post.yml for easy reading + task header standardization; removed "when == Debian" since this is only for Ubuntu systems
- standardized order of tags (levels, scored, patch, subsystem, rule, notimplemented).
- added cron, sshd, ntp, syslog, and maybe several other tags to various plays to allow bypassing or enabling based on subsystem (mostly section 5)
- moved multiple plays for the same rule into a single block (block names are only supported >= Ansible 2.3). This allows for a single "when" to run the entire block, and for nicer code folding. Unfortunately, it does push the minimum requirement from 2.1 -> 2.3; I will look at block syntax without names if backwards compat that far is desired.
- switched "restart auditd" to be a service command instead of a command; this is more Ansible-y and works on both RedHat and Debian families, with both SysV init and systemd init services. This also tracks with redhat-cis
- fixed rule 4.1.6 template to conform to the Ubuntu CIS benchmark instead of the RedHat one.

* section 1

- actually commit section1 changes, since they didn't get merged in to the previous giant splat.

* Fixed whitespace issue 1.1.2

* Fixed section1 and section4 whitespace and block errors.

* Section5 whitespace fixes.

* yamllint now passes 100% of all yml files. Did not ansible lint.

* Fixed rule 4.3

* added rule 4_3 to defaults/main.yml

* added file touch to rule 4.3

* Forgot to write an actual commit message.

* Added stat check for 5.4.4

* update handlers for docker

* - updated regex for 1.1.1.4 and 1.1.1.5
- update for 4.3: state: touch always returns a "modified" and
 the idempotence test will fail. bad workaround changed_when: false

- resolve #14

* - fixed typo in 1.1.1.4

* - update regexp

* add 1.1.2 mount task