Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

harden permissions for directory mount /var/log fails for minimized Ubuntu 22.04 #741

Closed
bl4ko opened this issue Jan 16, 2024 · 2 comments
Closed

harden permissions for directory mount /var/log fails for minimized Ubuntu 22.04 #741

bl4ko opened this issue Jan 16, 2024 · 2 comments
Labels
bug

Comments

@bl4ko
Copy link

bl4ko commented Jan 16, 2024

Description

On minimized Ubuntu 22.04 there is no syslog group, so task [devsec.hardening.os_hardening : Harden permissions for directory of mount /var/log fails.

Reproduction steps

- hosts: all
  roles:
    - name: devsec.hardening.os_hardening

Current Behavior

TASK [devsec.hardening.os_hardening : Harden permissions for directory of mount /var/log] ***********************************************************************
fatal: [ubtest]: FAILED! => {"changed": false, "gid": 0, "group": "root", "mode": "0755", "msg": "chgrp failed: failed to look up group syslog", "owner": "root", "path": "/var/log", "size": 4096, "state": "directory", "uid": 0}

Expected Behavior

If there is no syslog on the system, I guess the task should be skipped.

OS / Environment

Fresh install:

  • minimal Ubuntu 22.04.1 LTS
  • Linux 5.15.0-91-generic x86_64

Ansible Version

ansible [core 2.16.1]
  config file = /Users/bl4ko/Projects/ansible/ansible.cfg
  configured module search path = ['/Users/bl4ko/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/Cellar/ansible/9.1.0/libexec/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/bl4ko/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.12.1 (main, Dec  7 2023, 20:45:44) [Clang 15.0.0 (clang-1500.0.40.1)] (/opt/homebrew/Cellar/ansible/9.1.0/libexec/bin/python)
  jinja version = 3.1.3
  libyaml = True

Collection Version

v9.0.0

Additional information

...
@bl4ko bl4ko added the bug label Jan 16, 2024
@bl4ko bl4ko closed this as completed Jan 16, 2024
@bl4ko
Copy link
Author

bl4ko commented Jan 16, 2024
edited
Loading

Solved with the os_mnt_var_log_group var which is missing in the docs.

@rndmh3ro
Copy link
Member

Solved with the os_mnt_var_log_group var which is missing in the docs.

The reason that it's missing is that its not supposed to be changed (that's why its in the vars and not in the defaults).

So rather it's a possible bug that we set the group to syslog but the group does not exist and we should check that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rndmh3ro @bl4ko