Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Task "2.1.2 Ensure chrony is configured | modify /etc/sysconfig/chronyd" adds parameter on every execution #381

Closed
fgierlinger opened this issue Jun 5, 2024 · 2 comments
Closed

Task "2.1.2 Ensure chrony is configured | modify /etc/sysconfig/chronyd" adds parameter on every execution #381

fgierlinger opened this issue Jun 5, 2024 · 2 comments
Assignees
@uk-bolly
Labels
bug Something isn't working

Comments

@fgierlinger
Copy link

fgierlinger commented Jun 5, 2024
edited

Describe the Issue
The regex in the task "2.1.2 Ensure chrony is configured | modify /etc/sysconfig/chronyd" is supposed to add the parameter "-u chrony" and keep all other parameters. But the task is not idempotent. The "-u chrony" parameter is added for every execution.

RHEL8-CIS/tasks/section_2/cis_2.1.x.yml

Lines 36 to 52 in 7509256

- name: "2.1.3 | PATCH | Ensure chrony is not run as the root user"
when:
- rhel8cis_time_synchronization == "chrony"
- rhel8cis_rule_2_1_3
- not system_is_container
tags:
- level1-server
- level1-workstation
- patch
- rule_2.1.3
ansible.builtin.lineinfile:
path: /etc/sysconfig/chronyd
regexp: OPTIONS=\"(.*)(?!-u chrony)(.*)"
line: OPTIONS="\1\2 -u chrony"
create: true
backrefs: true
mode: '0644'

After 3 executions the file /etc/sysconfig/chronyd has the following content:

OPTIONS="-u chrony -u chrony -u chrony"

Expected Behavior
The task should be idempotent and only add "-u chrony" if not already specified.

Actual Behavior
The task reports a change on every execution and adds "-u chrony" at every execution.

Control(s) Affected
Task 2.1.2
v8 8.4 Standardize Time Synchonization
v7 6.1 Utilize Three Synchronized Time Sources

Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: 2.16.7
  • Host Python Version: Python 3.11.5
  • Ansible Server Python Version: Python 3.11.5

Additional Notes

Possible Solution
@fgierlinger fgierlinger added the bug Something isn't working label Jun 5, 2024
uk-bolly added a commit that referenced this issue Jun 18, 2024
@uk-bolly
Addressed #381
0148023 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
@uk-bolly
Copy link
Member

hi @fgierlinger

Thank you for this issue, i can see you are referring to the older benchmark version 2.0.0.
CIS v3.0 was released a while ago.
I have therefore added these fixes to a new locked branch called benchamrk_v2.0.0.

I hope this helps.

Many thanks

uk-bolly

@uk-bolly uk-bolly self-assigned this Jun 18, 2024
@uk-bolly uk-bolly mentioned this issue Jun 18, 2024
Merged
@uk-bolly
Copy link
Member

hi @fgierlinger

Thank you again for your time regarding this issue. You should find that this fix was merged into devel and is now in the main branch. I will close this issue, please feel free to reopen if this is not resolved as expected.

Many thanks

uk-bolly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@uk-bolly uk-bolly

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fgierlinger @uk-bolly