major / ansible-role-cis
DEPRECATED: Use https://github.com/major/cis-rhel-ansible
Home Page: https://github.com/major/cis-rhel-ansible
We've got 4.8 (in check mode it fails) and 9.2.1..9.2.19 (all scored) to do. I couldn't figure out 4.8. I'll see what I can do with 9.2.*
Considering the repository split in major/cis-rhel-ansible#17 has orphaned some commit history would you be kind enough to start a contributors list that reflects @haisamido and my contributions to the project?
Looks like major/cis-rhel-ansible#21 will need to be solved in this repository now. I have a solution in the works and will submit a PR soon.
What do you think of doing tasks this way (below)? I know it's a huge refactor, but it scales well, and can be extended with ease.
README.md says to run via
ansible-playbook -i hosts -C playbook.yml -t section4
but that doesn't work anymore because there is no hosts file nor a playbook.yml one.
I ran it this way
sudo ansible-playbook -i ../cis-rhel-ansible/hosts -C ../cis-rhel-ansible/playbook.yml -t section4
Should I add the hosts and playbook.yml files?
Can we work on 9.2.1-9.2.19?
Even as root 6.2.4 returns error code 7 (No permission to file).
failed: [localhost] => {"changed": true, "cmd": ["/etc/init.d/sshd", "reload"], "delta": "0:00:00.063176", "end": "2014-09-09 15:33:49.352543", "rc": 7, "start": "2014-09-09 15:33:49.289367"}
When running section 7, task 7.4 fails, after first reporting that the line was added to said file:
ansible-playbook -i /etc/ansible/hosts -C ./playbook.yaml --ask-pass -vvvv -t section7
...
TASK: [cis | 7.4 Set Default umask for Users (Scored)] ************************
<192.168.33.100> ESTABLISH CONNECTION FOR USER: root
<192.168.33.100> REMOTE_MODULE lineinfile state=present create=yes dest=/etc/profile.d/cis.sh line="umask 077" CHECKMODE=True
<192.168.33.100> EXEC sshpass -d9 ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r" -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=root -o ConnectTimeout=10 192.168.33.100 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1432630166.51-205453462534514 && echo $HOME/.ansible/tmp/ansible-tmp-1432630166.51-205453462534514'
<192.168.33.100> PUT /tmp/tmpKZReiv TO /root/.ansible/tmp/ansible-tmp-1432630166.51-205453462534514/lineinfile
<192.168.33.100> EXEC sshpass -d9 ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r" -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=root -o ConnectTimeout=10 192.168.33.100 /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1432630166.51-205453462534514/lineinfile; rm -rf /root/.ansible/tmp/ansible-tmp-1432630166.51-205453462534514/ >/dev/null 2>&1'
changed: [192.168.33.100] => {"backup": "", "changed": true, "msg": "line added"}
TASK: [cis | Ensure that /etc/profile.d/cis.sh has correct owner, group and mode] ***
<192.168.33.100> ESTABLISH CONNECTION FOR USER: root
<192.168.33.100> REMOTE_MODULE file path=/etc/profile.d/cis.sh owner=root group=root mode=0644 CHECKMODE=True
<192.168.33.100> EXEC sshpass -d12 ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r" -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=root -o ConnectTimeout=10 192.168.33.100 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1432630166.63-161579567173676 && echo $HOME/.ansible/tmp/ansible-tmp-1432630166.63-161579567173676'
<192.168.33.100> PUT /tmp/tmpqHMQag TO /root/.ansible/tmp/ansible-tmp-1432630166.63-161579567173676/file
<192.168.33.100> EXEC sshpass -d12 ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/vagrant/.ansible/cp/ansible-ssh-%h-%p-%r" -o GSSAPIAuthentication=no -o PubkeyAuthentication=no -o User=root -o ConnectTimeout=10 192.168.33.100 /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1432630166.63-161579567173676/file; rm -rf /root/.ansible/tmp/ansible-tmp-1432630166.63-161579567173676/ >/dev/null 2>&1'
failed: [192.168.33.100] => {"changed": false, "failed": true, "path": "/etc/profile.d/cis.sh", "state": "absent"}
msg: file (/etc/profile.d/cis.sh) is absent, cannot continue
System in question is CentOS 6.5
So there are a lot of steps that expect a grub config that for some reason in a fresh CentOS 6.5 Linode box just isn't there. This didn't happen with another 6.5 box. Is this potentially based on Linode's boot setup and thus should I file an issue with Linode?