Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssh_hardening: Install selinux dependencies fails on Oracle Linux (RHEL) 9 #585

Closed
robpomeroy opened this issue Oct 5, 2022 · 3 comments
Closed

ssh_hardening: Install selinux dependencies fails on Oracle Linux (RHEL) 9 #585

robpomeroy opened this issue Oct 5, 2022 · 3 comments
Labels
bug

Comments

@robpomeroy
Copy link

robpomeroy commented Oct 5, 2022
edited
Loading

Describe the bug

Task devsec.hardening.ssh_hardening : Install selinux dependencies when selinux is installed fails with the following message:

No package policycoreutils-python available.

I think this is because the package under OL9 is named policycoreutils-python-utils and the role does not distinguish Oracle Linux (as it does CentOS).

Expected behavior

Play installs correct package and proceeds.

Actual behavior

Play halts.

Example Playbook

Snippet:

    - role: devsec.hardening.ssh_hardening
      vars:
        sftp_enabled: true # maintain SFTP support for Ansible
        sftp_chroot: false

OS / Environment

Oracle Linux 9.0 (derived from Red Hat Enterprise Linux 9).

Ansible Version

[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.6.8 (default, May 19 2021, 10:00:09) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1.0.1)]. This feature will be removed from ansible-core in version
 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ansible [core 2.11.4] 
  config file = /home/rob/personal/Ansible/App-server/ansible.cfg
  configured module search path = ['/home/rob/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible
  ansible collection location = /home/rob/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.6.8 (default, May 19 2021, 10:00:09) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1.0.1)]
  jinja version = 3.0.1
  libyaml = True

Role Version

8.2.0

Note

A workaround (which I've applied locally) would be to copy vars/CentOS_9.yml as vars/OracleLinux_9.yml. Not very DRY though.
@rndmh3ro rndmh3ro added the bug label Oct 5, 2022
@rndmh3ro
Copy link
Member

rndmh3ro commented Oct 5, 2022

Thanks for noticing!

I actually already have a fix implemented in this branch: https://github.com/dev-sec/ansible-collection-hardening/tree/support_more_os/roles/ssh_hardening/vars

Since the changes in this branch are not complete yet, I didn't merge it yet.

@robpomeroy
Copy link
Author

Excellent, thanks Sebastian. I guess it's not just OL9 that's affected. 👍

@schurzi
Copy link
Contributor

schurzi commented Nov 3, 2022

this should be fixed by #588

@schurzi schurzi closed this as completed Nov 3, 2022
@sanjaysrikakulam sanjaysrikakulam mentioned this issue Nov 25, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@robpomeroy @schurzi @rndmh3ro