File system loop detected; ‘/bin/X11’ is part of the same file system loop as ‘/bin’. #815

Closed
jpmc3630 opened this issue Oct 27, 2024 · 2 comments

jpmc3630 commented Oct 27, 2024

Description

Errors caused by X11's symlink:
find: File system loop detected; ‘/usr/bin/X11’ is part of the same file system loop as ‘/usr/bin’.
find: File system loop detected; ‘/bin/X11’ is part of the same file system loop as ‘/bin’.

I read from a previous issue (#215) that these can be safely ignored, but can you please provide info about the expected permissions I should find on other dirs in bin, to confirm that only the X11 directory has been skipped? Is skipping the X11 dir a concern?

My concern is that this leads to other dirs in the bin dir being skipped too, and am requesting info about checks I can run to confirm the children of bin have the correct permissions.

Thanks

Reproduction steps

...
Include these playbook tasks in an Ubuntu 24.04 installation:
    - { role: devsec.hardening.os_hardening, tags: "os_hardening" }
    - { role: devsec.hardening.nginx_hardening, tags: "nginx_hardening" }
    - { role: devsec.hardening.ssh_hardening, tags: "ssh_hardening" }

Current Behavior

ok: [170.64.215.211] => (item=/usr/local/bin)
ok: [170.64.215.211] => (item=/usr/sbin)
failed: [170.64.215.211] (item=/usr/bin) => {"ansible_loop_var": "item", "changed": false, "cmd": "find -L /usr/bin -perm /go+w -type f", "delta": "0:00:00.046808", "end": "2024-10-27 08:38:03.110458", "item": "/usr/bin", "msg": "non-zero return code", "rc": 1, "start": "2024-10-27 08:38:03.063650", "stderr": "find: File system loop detected; ‘/usr/bin/X11’ is part of the same file system loop as ‘/usr/bin’.", "stderr_lines": ["find: File system loop detected; ‘/usr/bin/X11’ is part of the same file system loop as ‘/usr/bin’."], "stdout": "", "stdout_lines": []}
ok: [170.64.215.211] => (item=/sbin)
failed: [170.64.215.211] (item=/bin) => {"ansible_loop_var": "item", "changed": false, "cmd": "find -L /bin -perm /go+w -type f", "delta": "0:00:00.009521", "end": "2024-10-27 08:38:06.305799", "item": "/bin", "msg": "non-zero return code", "rc": 1, "start": "2024-10-27 08:38:06.296278", "stderr": "find: File system loop detected; ‘/bin/X11’ is part of the same file system loop as ‘/bin’.", "stderr_lines": ["find: File system loop detected; ‘/bin/X11’ is part of the same file system loop as ‘/bin’."], "stdout": "", "stdout_lines": []}
...ignoring

TASK [devsec.hardening.os_hardening : Minimize access on found files] *****************************************************************************************
skipping: [170.64.215.211]

Expected Behavior

Expecting no error. But the error is ok if I can verify permission checks have been performed correctly on sibling dirs of bin, and have information if this failure on X11 dir is a problem.

OS / Environment

Target is Ubuntu 24.04 on a DigitalOcean droplet

Ansible Version

ansible [core 2.17.5]
  config file = None
  configured module search path = ['/Users/james/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/Cellar/ansible/10.5.0/libexec/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/james/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible
  python version = 3.12.7 (main, Oct  1 2024, 02:05:46) [Clang 15.0.0 (clang-1500.3.9.4)] (/opt/homebrew/Cellar/ansible/10.5.0/libexec/bin/python)
  jinja version = 3.1.4
  libyaml = True

Collection Version

10.1.0

Additional information

...

jpmc3630 added the bug label Oct 27, 2024

rndmh3ro (Member) commented Nov 2, 2024

> I read from a previous issue (#215) that these can be safely ignored, but can you please provide info about the expected permissions I should find on other dirs in bin, to confirm that only the X11 directory has been skipped? Is skipping the X11 dir a concern?

X11 is not a directory but a file.

> My concern is that this leads to other dirs in the bin dir being skipped too, and am requesting info about checks I can run to confirm the children of bin have the correct permissions.

Since the task only searches for files recursively (and not directories), it finds all files in all sub-directories. So no need to worry here.
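
The behaviour described in this reply can be checked on a throwaway directory. The script below is an added example, not part of the original thread or of the collection's code: the fixture layout and function names are constructed, and GNU find is assumed. It runs the same `find -L ... -perm /go+w -type f` command from the task output against a directory containing an `X11 -> .` link and shows that find exits 1 because of the loop but still reports a group-writable file in a sibling subdirectory.

```shell
#!/bin/sh
# Constructed fixture: a stand-in for /usr/bin containing the self-referencing
# X11 symlink, one correctly restricted file and one group-writable file
# in a subdirectory.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/bin/sub"
    ln -s . "$root/bin/X11"                      # same shape as /usr/bin/X11 -> .
    : > "$root/bin/ok";        chmod 0755 "$root/bin/ok"
    : > "$root/bin/sub/loose"; chmod 0775 "$root/bin/sub/loose"
    printf '%s\n' "$root"
}

# The command from the task output, with the loop warning on stderr discarded.
# Prints every regular file that is writable by group or other.
scan_writable() {
    find -L "$1" -perm /go+w -type f 2>/dev/null || true
}

# Exit status of the same command: non-zero when find hits the X11 loop.
scan_status() {
    find -L "$1" -perm /go+w -type f >/dev/null 2>&1 && echo 0 || echo $?
}

# Demonstration on the constructed fixture.
d=$(make_fixture)
echo "find exit status: $(scan_status "$d/bin")"
echo "group/other-writable files still reported:"
scan_writable "$d/bin"
rm -rf "$d"
```
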

jpmc3630 (Author) commented Nov 4, 2024

Ok cool, thank you.
