Fix ignoring of packages in 'latest' state
Change-Id: I019ed9d87435a1ab6e0b7ae8624d85afd95db3ae
Dmitriy Rabotyagov committed Dec 19, 2019
1 parent 87415a3 commit 2093f50
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion tasks/rhel7stig/packages.yml
Expand Up @@ -18,7 +18,7 @@
name: "{{ stig_packages_rhel7 | selectattr('enabled') | selectattr('state', 'equalto', item) | sum(attribute='packages', start=[]) }}"
state: "{{ item }}"
with_items:
- "{{ stig_packages_rhel7 | selectattr('enabled') | selectattr('state', 'equalto', 'present') | map(attribute='state') | unique | list }}"
- "{{ stig_packages_rhel7 | selectattr('enabled') | selectattr('state', 'in', ['present', 'latest']) | map(attribute='state') | unique | list }}"
tags:
- cat1
- auth
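Review bot: The new with_items expression depends on the Jinja2 'in' test in selectattr('state', 'in', ['present', 'latest']), which only newer Jinja2 releases provide; on a controller without it the loop cannot be templated and the task fails with "no test named 'in'" before any package is handled. The unchanged name: line already works with 'equalto' alone, so consider building the state list from tests the role already uses (for example, joining an 'equalto' 'present' selection with an 'equalto' 'latest' one), or declare the minimum Jinja2 version the role needs. The commit message carries only a Change-Id; one line saying which packages were being skipped would make the fix reviewable.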

9 comments on commit 2093f50

@rharmonson rharmonson commented on 2093f50 Mar 5, 2020

The change to line 21 breaks CentOS Linux release 7.7.1908 (Core).

Executing playbook using

$ ansible-playbook -i localhost, -c local --check ./play.yml -vvv

Results with

TASK [ansible-hardening : Add packages based on STIG requirements] *************
task path: /home/ansusr/.ansible/roles/ansible-hardening/tasks/rhel7stig/packages.yml:16
The full traceback is:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 104, in run
    items = self._get_loop_items()
  File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 231, in _get_loop_items
    convert_bare=False)
  File "/usr/lib/python2.7/site-packages/ansible/utils/listify.py", line 35, in listify_lookup_plugin_terms
    terms = templar.template(terms, fail_on_undefined=fail_on_undefined)
  File "/usr/lib/python2.7/site-packages/ansible/template/__init__.py", line 611, in template
    ) for v in variable]
  File "/usr/lib/python2.7/site-packages/ansible/template/__init__.py", line 578, in template
    disable_lookups=disable_lookups,
  File "/usr/lib/python2.7/site-packages/ansible/template/__init__.py", line 837, in do_template
    res = j2_concat(rf)
  File "<template>", line 12, in root
  File "/usr/lib/python2.7/site-packages/ansible/plugins/filter/mathstuff.py", line 80, in unique
    c = set(a)
  File "/usr/lib/python2.7/site-packages/jinja2/filters.py", line 839, in do_map
    for item in seq:
  File "/usr/lib/python2.7/site-packages/jinja2/filters.py", line 931, in _select_or_reject
    if modfunc(func(transfunc(item))):
  File "/usr/lib/python2.7/site-packages/jinja2/filters.py", line 925, in <lambda>
    name, item, args, kwargs)
  File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 438, in call_test
    raise TemplateRuntimeError('no test named %r' % name)
TemplateRuntimeError: no test named 'in'

fatal: [localhost]: FAILED! => {
    "msg": "Unexpected failure during module execution.", 
    "stdout": ""
}

Reverting line 21 back to using 'equalto', 'present' results with playbook executing without errors.

@noonedeadpunk
Contributor

What ansible version do you run?

@rharmonson rharmonson commented on 2093f50 Mar 5, 2020

Here you go!

$ rpm -qi ansible
Name        : ansible
Version     : 2.9.3
Release     : 1.el7
Architecture: noarch
Install Date: Wed 04 Mar 2020 03:16:49 PM PST
Group       : Unspecified
Size        : 109514087
License     : GPLv3+
Signature   : RSA/SHA256, Mon 20 Jan 2020 02:13:10 PM PST, Key ID 6a2faea2352c64e5
Source RPM  : ansible-2.9.3-1.el7.src.rpm
Build Date  : Mon 20 Jan 2020 11:01:58 AM PST
Build Host  : buildvm-08.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://ansible.com
Bug URL     : https://bugz.fedoraproject.org/ansible
Summary     : SSH-based configuration management, deployment, and task execution system
Description :
Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.

Note: fresh install of CentOS 7 1908 using the defaults for the Gnome Desktop, yum install epel-release, yum install ansible, and VirtualBox Guest Additions and its deps.

Contributor

@noonedeadpunk noonedeadpunk commented on 2093f50 Mar 5, 2020

I'm not able to reproduce that :(

[root@hardening centos]# /usr/local/bin/ansible-playbook -i localhost, -c local --check test.yml

PLAY [Run hardening] **********************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Gather variables for each operating system] *********************************************************************************************************************************************************************************************************
ok: [localhost] => (item=/etc/ansible/roles/ansible-hardening/vars/redhat.yml)

TASK [ansible-hardening : Check for check/audit mode] *************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check to see if we are booting with EFI or UEFI] ****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Set facts] ******************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Check if grub is present on the remote node] ********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Create temporary directory to hold any temporary files] *********************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Set a fact for the temporary directory] *************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Verify all installed RPM packages] ******************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check for .shosts or shosts.equiv files] ************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Get user data for all users on the system] **********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Get user data for all interactive users on the system] **********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Install EPEL repository] ****************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Add packages based on STIG requirements] ************************************************************************************************************************************************************************************************************
changed: [localhost] => (item=present)

TASK [ansible-hardening : Remove packages based on STIG requirements] *********************************************************************************************************************************************************************************************************
ok: [localhost] => (item=absent)

TASK [ansible-hardening : include_tasks] **************************************************************************************************************************************************************************************************************************************
included: /etc/ansible/roles/ansible-hardening/tasks/rhel7stig/yum.yml for localhost

TASK [ansible-hardening : include_tasks] **************************************************************************************************************************************************************************************************************************************
included: /etc/ansible/roles/ansible-hardening/tasks/rhel7stig/rpm.yml for localhost

TASK [ansible-hardening : Ensure RPM verification task has finished] **********************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71855 - Get files with invalid checksums (rpm)] ***************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71855 - The cryptographic hash of system files and commands must match vendor values (rpm)] *******************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71977 - Require digital signatures for all packages] **********************************************************************************************************************************************************************************************
ok: [localhost] => (item={'regexp': '^gpgcheck.*', 'line': 'gpgcheck=1'})
changed: [localhost] => (item={'regexp': '^localpkg_gpgcheck.*', 'line': 'localpkg_gpgcheck=1'})
changed: [localhost] => (item={'regexp': '^repo_gpgcheck.*', 'line': 'repo_gpgcheck=0'})

TASK [ansible-hardening : V-71987 - Clean requirements/dependencies when removing packages (RedHat)] **************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check if /etc/yum/yum-cron.conf exists] *************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Enable automatic package updates (yum)] *************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check if /etc/security/pwquality.conf exists] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Set password quality requirements] ******************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Check for SHA512 password storage in PAM] ***********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Print warning if PAM is not using SHA512 for password storage] **************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Ensure libuser is storing passwords using SHA512] ***************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Set minimum password lifetime limit to 24 hours for interactive accounts] ***************************************************************************************************************************************************************************
skipping: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 65534, 'name': 'nfsnobody'}, 'name': 'nfsnobody', 'gid': 65534, 'gecos': 'Anonymous NFS User', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/var/lib/nfs', 'uid': 65534})                                                                                                                                                                                                       
skipping: [localhost] => (item={'shell': '/bin/bash', 'group': {'passwd': 'x', 'gid': 1000, 'name': 'centos'}, 'name': 'centos', 'gid': 1000, 'gecos': 'Cloud User', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 18326, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/home/centos', 'uid': 1000})                                                                                                                                                                                                                           

TASK [ansible-hardening : Set maximum password lifetime limit to 60 days for interactive accounts] ****************************************************************************************************************************************************************************
skipping: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 65534, 'name': 'nfsnobody'}, 'name': 'nfsnobody', 'gid': 65534, 'gecos': 'Anonymous NFS User', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/var/lib/nfs', 'uid': 65534})                                                                                                                                                                                                       
skipping: [localhost] => (item={'shell': '/bin/bash', 'group': {'passwd': 'x', 'gid': 1000, 'name': 'centos'}, 'name': 'centos', 'gid': 1000, 'gecos': 'Cloud User', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 18326, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/home/centos', 'uid': 1000})                                                                                                                                                                                                                           

TASK [ansible-hardening : Ensure that users cannot reuse one of their last 5 passwords] ***************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Ensure accounts are disabled if the password expires] ***********************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Apply shadow-utils configurations] ******************************************************************************************************************************************************************************************************************
changed: [localhost] => (item={'parameter': 'ENCRYPT_METHOD', 'value': 'SHA512', 'stig_id': 'V-71921', 'ansible_os_family': 'all'})
skipping: [localhost] => (item={'parameter': 'PASS_MIN_DAYS', 'value': '', 'stig_id': 'V-71925', 'ansible_os_family': 'all'}) 
skipping: [localhost] => (item={'parameter': 'PASS_MAX_DAYS', 'value': '', 'stig_id': 'V-71929', 'ansible_os_family': 'all'}) 
changed: [localhost] => (item={'parameter': 'FAIL_DELAY', 'value': '4', 'stig_id': 'V-71951', 'ansible_os_family': 'RedHat'})
skipping: [localhost] => (item={'parameter': 'UMASK', 'value': '', 'stig_id': 'V-71995', 'ansible_os_family': 'all'}) 
changed: [localhost] => (item={'parameter': 'CREATE_HOME', 'value': True, 'stig_id': 'V-72013', 'ansible_os_family': 'all'})

TASK [ansible-hardening : Print warning for groups in /etc/passwd that are not in /etc/group] *********************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Get all accounts with UID 0] ************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Print warnings for non-root users with UID 0] *******************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Print warning for local interactive users without a home directory assigned] ************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check each user to see if its home directory exists on the filesystem] ******************************************************************************************************************************************************************************
ok: [localhost] => (item={'shell': '/bin/bash', 'group': {'passwd': 'x', 'gid': 0, 'name': 'root'}, 'name': 'root', 'gid': 0, 'gecos': 'root', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17687, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/root', 'uid': 0})                                                                                                                                                                                                                                                           
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 1, 'name': 'bin'}, 'name': 'bin', 'gid': 1, 'gecos': 'bin', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/bin', 'uid': 1})                                                                                                                                                                                                                                                           
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 2, 'name': 'daemon'}, 'name': 'daemon', 'gid': 2, 'gecos': 'daemon', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/sbin', 'uid': 2})                                                                                                                                                                                                                                                 
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 4, 'name': 'adm'}, 'name': 'adm', 'gid': 4, 'gecos': 'adm', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/var/adm', 'uid': 3})                                                                                                                                                                                                                                                       
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 7, 'name': 'lp'}, 'name': 'lp', 'gid': 7, 'gecos': 'lp', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/var/spool/lpd', 'uid': 4})                                                                                                                                                                                                                                                    
ok: [localhost] => (item={'shell': '/bin/sync', 'group': {'passwd': 'x', 'gid': 0, 'name': 'root'}, 'name': 'sync', 'gid': 0, 'gecos': 'sync', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/sbin', 'uid': 5})                                                                                                                                                                                                                                                           
ok: [localhost] => (item={'shell': '/sbin/shutdown', 'group': {'passwd': 'x', 'gid': 0, 'name': 'root'}, 'name': 'shutdown', 'gid': 0, 'gecos': 'shutdown', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/sbin', 'uid': 6})                                                                                                                                                                                                                                              
ok: [localhost] => (item={'shell': '/sbin/halt', 'group': {'passwd': 'x', 'gid': 0, 'name': 'root'}, 'name': 'halt', 'gid': 0, 'gecos': 'halt', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/sbin', 'uid': 7})                                                                                                                                                                                                                                                          
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 12, 'name': 'mail'}, 'name': 'mail', 'gid': 12, 'gecos': 'mail', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/var/spool/mail', 'uid': 8})                                                                                                                                                                                                                                           
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 0, 'name': 'root'}, 'name': 'operator', 'gid': 0, 'gecos': 'operator', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/root', 'uid': 11})                                                                                                                                                                                                                                              
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 100, 'name': 'users'}, 'name': 'games', 'gid': 100, 'gecos': 'games', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/usr/games', 'uid': 12})                                                                                                                                                                                                                                          
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 50, 'name': 'ftp'}, 'name': 'ftp', 'gid': 50, 'gecos': 'FTP User', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/var/ftp', 'uid': 14})                                                                                                                                                                                                                                               
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 99, 'name': 'nobody'}, 'name': 'nobody', 'gid': 99, 'gecos': 'Nobody', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17632, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/', 'uid': 99})                                                                                                                                                                                                                                                  
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 192, 'name': 'systemd-network'}, 'name': 'systemd-network', 'gid': 192, 'gecos': 'systemd Network Management', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/', 'uid': 192})                                                                                                                                                                                                          
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 81, 'name': 'dbus'}, 'name': 'dbus', 'gid': 81, 'gecos': 'System message bus', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/', 'uid': 81})                                                                                                                                                                                                                                           
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 998, 'name': 'polkitd'}, 'name': 'polkitd', 'gid': 998, 'gecos': 'User for polkitd', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/', 'uid': 999})                                                                                                                                                                                                                                    
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 32, 'name': 'rpc'}, 'name': 'rpc', 'gid': 32, 'gecos': 'Rpcbind Daemon', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 17687, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/var/lib/rpcbind', 'uid': 32})                                                                                                                                                                                                                                 
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 29, 'name': 'rpcuser'}, 'name': 'rpcuser', 'gid': 29, 'gecos': 'RPC Service User', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/var/lib/nfs', 'uid': 29})                                                                                                                                                                                                                            
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 65534, 'name': 'nfsnobody'}, 'name': 'nfsnobody', 'gid': 65534, 'gecos': 'Anonymous NFS User', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/var/lib/nfs', 'uid': 65534})
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 74, 'name': 'sshd'}, 'name': 'sshd', 'gid': 74, 'gecos': 'Privilege-separated SSH', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/var/empty/sshd', 'uid': 74})
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 89, 'name': 'postfix'}, 'name': 'postfix', 'gid': 89, 'gecos': '', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/var/spool/postfix', 'uid': 89})
ok: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 995, 'name': 'chrony'}, 'name': 'chrony', 'gid': 995, 'gecos': '', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/var/lib/chrony', 'uid': 998})
ok: [localhost] => (item={'shell': '/bin/bash', 'group': {'passwd': 'x', 'gid': 1000, 'name': 'centos'}, 'name': 'centos', 'gid': 1000, 'gecos': 'Cloud User', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 18326, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/home/centos', 'uid': 1000})

TASK [ansible-hardening : Print warning for users with an assigned home directory that does not exist] ************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "These users have a home directory assigned, but the directory does not exist:\nftp (/var/ftp does not exist)\n"
}

TASK [ansible-hardening : Use pwquality when passwords are changed or created] ************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Verify that AIDE configuration directory exists] ****************************************************************************************************************************************************************************************************
ok: [localhost] => (item=/etc/aide/aide.conf.d)
ok: [localhost] => (item=/etc/aide.conf)

TASK [ansible-hardening : Exclude certain directories from AIDE] **************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Configure AIDE to verify additional properties (Ubuntu)] ********************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Configure AIDE to verify additional properties (SUSE)] **********************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check to see if AIDE database is already in place] **************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Initialize AIDE (this will take a few minutes)] *****************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Move AIDE database into place] **********************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Create AIDE cron job] *******************************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Verify that auditd.conf exists] *********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Verify that audisp-remote.conf exists] **************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72083 - The operating system must off-load audit records onto a different system or media from the system being audited] **************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-72085 - The operating system must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited] ************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Get valid system architectures for audit rules] *****************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Remove system default audit.rules file] *************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Remove old RHEL 6 audit rules file] *****************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Deploy rules for auditd based on STIG requirements] *************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Adjust auditd/audispd configurations] ***************************************************************************************************************************************************************************************************************
skipping: [localhost] => (item={'parameter': 'disk_full_action', 'value': 'syslog', 'config': '/etc/audisp/audisp-remote.conf'}) 
skipping: [localhost] => (item={'parameter': 'network_failure_action', 'value': 'syslog', 'config': '/etc/audisp/audisp-remote.conf'}) 
skipping: [localhost] => (item={'parameter': 'space_left', 'value': '5117', 'config': '/etc/audit/auditd.conf'}) 
skipping: [localhost] => (item={'parameter': 'space_left_action', 'value': 'email', 'config': '/etc/audit/auditd.conf'}) 
skipping: [localhost] => (item={'parameter': 'action_mail_acct', 'value': 'root', 'config': '/etc/audit/auditd.conf'}) 

TASK [ansible-hardening : Ensure auditd is running and enabled at boot time] **************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Set pam_faildelay configuration on Ubuntu] **********************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Prevent users with blank or null passwords from authenticating (Debian/Ubuntu)] *********************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Prevent users with blank or null passwords from authenticating (Red Hat)] ***************************************************************************************************************************************************************************
changed: [localhost] => (item=auth)
changed: [localhost] => (item=password)

TASK [ansible-hardening : Prevent users with blank or null passwords from authenticating (SUSE)] ******************************************************************************************************************************************************************************
skipping: [localhost] => (item=/etc/pam.d/system-auth) 
skipping: [localhost] => (item=/etc/pam.d/password-auth) 

TASK [ansible-hardening : Lock accounts after three failed login attempts a 15 minute period] *********************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check for 'nopasswd' in sudoers files] **************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71947 - Users must provide a password for privilege escalation.] **********************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check for '!authenticate' in sudoers files] *********************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71949 - Users must re-authenticate for privilege escalation.] *************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check if sssd.conf exists] **************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Check if GRUB2 custom file exists] ******************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : blockinfile] ****************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : lineinfile] *****************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-72217 - The operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types.] ***************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check for pam_lastlog in PAM configuration] *********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72275 - Display date/time of last logon after logon] **********************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Ensure .shosts find has finished] *******************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Remove .shosts or shosts.equiv files] ***************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71849 - Get packages with incorrect file permissions or ownership] ********************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71849 - Reset file permissions/ownership to vendor values] ****************************************************************************************************************************************************************************************

TASK [ansible-hardening : Search for files/directories with an invalid owner] *************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-72007 - All files and directories must have a valid owner.] ***************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Search for files/directories with an invalid group owner] *******************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-72009 - All files and directories must have a valid group owner.] *********************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Set proper owner, group owner, and permissions on home directories] *********************************************************************************************************************************************************************************
skipping: [localhost] => (item={'shell': '/sbin/nologin', 'group': {'passwd': 'x', 'gid': 65534, 'name': 'nfsnobody'}, 'name': 'nfsnobody', 'gid': 65534, 'gecos': 'Anonymous NFS User', 'shadow': {'expire_days': -1, 'min_days': -1, 'last_changed': 17687, 'max_days': -1, 'warn_days': -1, 'inact_days': -1}, 'dir': '/var/lib/nfs', 'uid': 65534})
skipping: [localhost] => (item={'shell': '/bin/bash', 'group': {'passwd': 'x', 'gid': 1000, 'name': 'centos'}, 'name': 'centos', 'gid': 1000, 'gecos': 'Cloud User', 'shadow': {'expire_days': -1, 'min_days': 0, 'last_changed': 18326, 'max_days': 99999, 'warn_days': 7, 'inact_days': -1}, 'dir': '/home/centos', 'uid': 1000})

TASK [ansible-hardening : Find all world-writable directories] ****************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-72047 - All world-writable directories must be group-owned by root, sys, bin, or an application group.] *******************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check if /etc/cron.allow exists] ********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Set owner/group owner on /etc/cron.allow] ***********************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check if gdm is installed and configured] ***********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-71953 - The operating system must not allow an unattended or automatic logon to the system via a graphical user interface] ************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71955 - The operating system must not allow guest logon to the system.] ***************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check for dconf profiles] ***************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Create a user profile in dconf] *********************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Create dconf directories] ***************************************************************************************************************************************************************************************************************************
skipping: [localhost] => (item=/etc/dconf/db/local.d/) 
skipping: [localhost] => (item=/etc/dconf/db/local.d/locks) 
skipping: [localhost] => (item=/etc/dconf/db/gdm.d/) 

TASK [ansible-hardening : Configure graphical session locking] ****************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Prevent users from changing graphical session locking configurations] *******************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Create a GDM profile for displaying a login banner] *************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Create a GDM keyfile for machine-wide settings] *****************************************************************************************************************************************************************************************************
skipping: [localhost] => (item=/etc/dconf/db/gdm.d/01-banner-message) 
skipping: [localhost] => (item=/etc/dconf/db/local.d/01-banner-message) 

TASK [ansible-hardening : V-71983 - USB mass storage must be disabled.] *******************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Set sysctl configurations] **************************************************************************************************************************************************************************************************************************
changed: [localhost] => (item={'name': 'net.ipv4.conf.all.accept_source_route', 'value': 0, 'enabled': True})
changed: [localhost] => (item={'name': 'net.ipv4.conf.default.accept_source_route', 'value': 0, 'enabled': True})
changed: [localhost] => (item={'name': 'net.ipv4.icmp_echo_ignore_broadcasts', 'value': 1, 'enabled': True})
changed: [localhost] => (item={'name': 'net.ipv4.conf.all.send_redirects', 'value': 0, 'enabled': True})
changed: [localhost] => (item={'name': 'net.ipv4.conf.default.send_redirects', 'value': 0, 'enabled': True})
skipping: [localhost] => (item={'name': 'net.ipv4.ip_forward', 'value': 0, 'enabled': False}) 
changed: [localhost] => (item={'name': 'net.ipv6.conf.all.accept_source_route', 'value': 0, 'enabled': True})
changed: [localhost] => (item={'name': 'net.ipv4.conf.default.accept_redirects', 'value': 0, 'enabled': True})
changed: [localhost] => (item={'name': 'kernel.randomize_va_space', 'value': 2, 'enabled': True})
skipping: [localhost] => (item={'name': 'net.ipv6.conf.all.disable_ipv6', 'value': 1, 'enabled': False}) 

TASK [ansible-hardening : Check kdump service] ********************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72057 - Kernel core dumps must be disabled unless needed.] ****************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Check if FIPS is enabled] ***************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Print a warning if FIPS isn't enabled] **************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "FIPS is not enabled at boot time on this server. The STIG requires FIPS to be enabled at boot time.\n"
}

TASK [ansible-hardening : V-77821 - Datagram Congestion Control Protocol (DCCP) kernel module must be disabled] ***************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Check apparmor_status output] ***********************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check if apparmor is running] ***********************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Ensure AppArmor is enabled at boot time] ************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Ensure AppArmor is running] *************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Ensure SELinux is in enforcing mode on the next reboot] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Relabel files on next boot if SELinux mode changed] *************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check for unlabeled device files] *******************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72039 - All system device files must be correctly labeled to prevent unauthorized modification.] **************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check autofs service] *******************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-71985 - File system automounter must be disabled unless required.] ********************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-71993 - The x86 Ctrl-Alt-Delete key sequence must be disabled] ************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Check for /home on mounted filesystem] **************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "The STIG requires that /home is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
}

TASK [ansible-hardening : Check for /var on mounted filesystem] ***************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "The STIG requires that /var is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
}

TASK [ansible-hardening : Check for /var/log/audit on mounted filesystem] *****************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "The STIG requires that /var/log/audit is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
}

TASK [ansible-hardening : Check for /tmp on mounted filesystem] ***************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "The STIG requires that /tmp is on its own filesystem, but this system\ndoes not appear to be following the requirement.\n"
}

TASK [ansible-hardening : Check if syslog output is being sent to another server] *********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72209 - The system must send rsyslog output to a log aggregation server.] *************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "Output from syslog must be sent to another server."
}

TASK [ansible-hardening : Check if ClamAV is installed] ***********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Remove 'Example' line from ClamAV configuration files] **********************************************************************************************************************************************************************************************
skipping: [localhost] => (item=/etc/freshclam.conf) 
skipping: [localhost] => (item=/etc/clamd.d/scan.conf) 

TASK [ansible-hardening : Set ClamAV server type as socket] *******************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Allow automatic freshclam updates] ******************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check if ClamAV update process is already running] **************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Update ClamAV database] *****************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Ensure ClamAV is running] ***************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Remove old config block for V-72223 from openstack-ansible-security] ********************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72223 - Set 10 minute timeout on communication sessions] ******************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Start and enable chrony] ****************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check if chrony configuration file exists] **********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72269 - Synchronize system clock (configuration file)] ********************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Check firewalld status] *****************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Ensure firewalld is running and enabled] ************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Limit new TCP connections to 25/minute and allow bursting to 100] ***********************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Count nameserver entries in /etc/resolv.conf] *******************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72281 - For systems using DNS resolution, at least two name servers must be configured.] **********************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "Two or more nameservers must be configured in /etc/resolv.conf.\nNameservers found: 1\n"
}

TASK [ansible-hardening : Check for interfaces in promiscuous mode] ***********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72295 - Network interfaces must not be in promiscuous mode.] **************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check for postfix configuration file] ***************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72297 - Prevent unrestricted mail relaying] *******************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Check for TFTP server configuration file] ***********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Check TFTP configuration mode] **********************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : V-72305 - TFTP must be configured to operate in secure mode] ****************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Check to see if snmpd config contains public/private] ***********************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : V-72313 - Change SNMP community strings from default.] **********************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : Copy login warning banner] **************************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Adjust ssh server configuration based on STIG requirements] *****************************************************************************************************************************************************************************************
changed: [localhost]

TASK [ansible-hardening : Ensure sshd is enabled at boot time] ****************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Determine existing public ssh host keys] ************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Public host key files must have mode 0644 or less] **************************************************************************************************************************************************************************************************
ok: [localhost] => (item=/etc/ssh/ssh_host_ecdsa_key.pub)
ok: [localhost] => (item=/etc/ssh/ssh_host_ed25519_key.pub)
ok: [localhost] => (item=/etc/ssh/ssh_host_rsa_key.pub)

TASK [ansible-hardening : Determine existing private ssh host keys] ***********************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [ansible-hardening : Private host key files must have mode 0600 or less] *************************************************************************************************************************************************************************************************
changed: [localhost] => (item=/etc/ssh/ssh_host_ecdsa_key)
changed: [localhost] => (item=/etc/ssh/ssh_host_ed25519_key)
changed: [localhost] => (item=/etc/ssh/ssh_host_rsa_key)

TASK [ansible-hardening : Remove the temporary directory] *********************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [ansible-hardening : include_tasks] **************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

RUNNING HANDLER [ansible-hardening : restart chrony] **************************************************************************************************************************************************************************************************************************
changed: [localhost]

RUNNING HANDLER [ansible-hardening : restart ssh] *****************************************************************************************************************************************************************************************************************************
changed: [localhost]

RUNNING HANDLER [ansible-hardening : generate auditd rules] *******************************************************************************************************************************************************************************************************************
skipping: [localhost]

PLAY RECAP ********************************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=78   changed=21   unreachable=0    failed=0    skipped=82   rescued=0    ignored=0   

[root@hardening centos]# /usr/local/bin/ansible-playbook --version
ansible-playbook 2.9.3
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.6.8 (default, Aug  7 2019, 17:28:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
[root@hardening centos]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core) 
[root@hardening centos]# cat test.yml 
---

- name: Run hardening
  hosts: localhost
  roles:
    - ansible-hardening
[root@hardening centos]# 

@noonedeadpunk
Contributor

@noonedeadpunk noonedeadpunk commented on 2093f50 Mar 5, 2020

Maybe you need to check the installed Jinja version:

[root@hardening centos]# pip3 freeze | grep Jinja2
Jinja2==2.11.1
[root@hardening centos]# 

@noonedeadpunk
Contributor

@noonedeadpunk noonedeadpunk commented on 2093f50 Mar 5, 2020

Yeah, the 'in' test appeared in Jinja 2.10 [1], while CentOS installs 2.7.2 (which was released in 2014) via system packages...

Not sure though how to solve this issue, as having equalto breaks functionality... We can kinda update Jinja here, but not sure it will be used at once.

[1] https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-10
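
Added example (not part of the thread or of the ansible-hardening role): a preflight check, in Python, that reports which Jinja2 tests named in a role expression are newer than the controller's Jinja2, so a hardening run does not abort partway on an old controller. The helper names and the version table are assumptions of this sketch; the two expressions and the version numbers are the ones shown on this page.

```python
import re

# Minimum Jinja2 release that ships each test. The 'in' entry is the one
# named in the thread (added in 2.10); extend the table for other tests.
TEST_MIN_VERSION = {"in": (2, 10)}

# Second positional argument of selectattr()/rejectattr() is the test name.
_TEST_ARG = re.compile(
    r"""(?:select|reject)attr\(\s*['"][^'"]*['"]\s*,\s*['"](\w+)['"]""")


def parse_version(text):
    """Accept '2.7.2' or a pip-freeze line such as 'Jinja2==2.11.1'."""
    match = re.search(r"(\d+)\.(\d+)", text.split("==")[-1])
    if match is None:
        raise ValueError("no version number in %r" % text)
    # Compare as integers: as strings, '2.10' would sort before '2.8'.
    return int(match.group(1)), int(match.group(2))


def unsupported_tests(expression, jinja_version):
    """Return tests used in the expression that this Jinja2 is too old for."""
    have = parse_version(jinja_version)
    missing = []
    for test in _TEST_ARG.findall(expression):
        needed = TEST_MIN_VERSION.get(test)
        if needed is not None and have < needed and test not in missing:
            missing.append(test)
    return missing


# with_items expressions before and after commit 2093f50, copied from the diff.
BEFORE = ("{{ stig_packages_rhel7 | selectattr('enabled') | "
          "selectattr('state', 'equalto', 'present') | "
          "map(attribute='state') | unique | list }}")
AFTER = ("{{ stig_packages_rhel7 | selectattr('enabled') | "
         "selectattr('state', 'in', ['present', 'latest']) | "
         "map(attribute='state') | unique | list }}")

if __name__ == "__main__":
    # Versions reported in the thread: CentOS 7 system package, EPEL, pip3.
    for version in ("2.7.2", "2.8.1", "Jinja2==2.11.1"):
        print(version, "->", unsupported_tests(AFTER, version) or "ok")
```

The check only sees test names passed as literal strings to selectattr() or rejectattr(); it does not render the template.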

@rharmonson

You are correct. It is jinja2 2.7.2.

Seeing how jinja 2.7.2 is the most current version available for CentOS 7 and Red Hat Enterprise Linux 7, what is the expectation?

@rharmonson

Identified jinja2 2.8.1 available for python3 from epel but that isn't going to fix the problem.

@noonedeadpunk
Contributor

@rharmonson I hope this will be addressed with https://review.opendev.org/#/c/716528/
