Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Errors [UBUNTU20-CIS : 4.2.1.3 | PATCH | Ensure logging is configured | Automated rsyslog configuration] #90

Closed
Acenl12 opened this issue Sep 10, 2023 · 3 comments
Closed

Errors [UBUNTU20-CIS : 4.2.1.3 | PATCH | Ensure logging is configured | Automated rsyslog configuration] #90

Acenl12 opened this issue Sep 10, 2023 · 3 comments
Assignees
@uk-bolly
Labels
bug Something isn't working

Comments

@Acenl12
Copy link

Acenl12 commented Sep 10, 2023

Describe the Issue
The following errors when my ansible tries to run my playbook

TASK [UBUNTU20-CIS : 4.2.1.3 | PATCH | Ensure logging is configured | Automated rsyslog configuration] *****************failed: [localhost] (item=*.emerg                         :omusrmsg:*) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# Emergencies are sent to everybody logged in", "line": "*.emerg                         :omusrmsg:*", "regexp": "^\\*.emerg"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=auth,authpriv.*                  /var/log/auth.log) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files.  Log by facility", "line": "auth,authpriv.*
        /var/log/auth.log", "regexp": "^auth,authpriv.\\*"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=mail.*                          -/var/log/mail) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "mail.*                          -/var/log/mail", "regexp": "^mail.\\*|^#mail.\\*"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=mail.info                      -/var/log/mail.info) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# Logging for the mail system", "line": "mail.info                      -/var/log/mail.info", "regexp": "^mail.info|^#mail.info"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=mail.warn                      -/var/log/mail.warn) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# Logging for the mail system.", "line": "mail.warn                      -/var/log/mail.warn", "regexp": "^mail.warn|^#mail.warn"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=mail.err                        /var/log/mail.err) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# Logging for the mail system.", "line": "mail.err                        /var/log/mail.err", "regexp": "^mail.err|^#mail.err"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=news.crit                       -/var/log/news/news.crit) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "news.crit                       -/var/log/news/news.crit", "regexp": "^news.crit|^#news.crit"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=news.err                        -/var/log/news/news.err) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "news.err                        -/var/log/news/news.err", "regexp": "^news.err|^#news.err"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=news.notice                     -/var/log/news/news.notice) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "news.notice                     -/var/log/news/news.notice", "regexp": "^news.notice|^#news.notice"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=*.=warning;*.=err               -/var/log/warn) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "*.=warning;*.=err               -/var/log/warn", "regexp": "^\\*.=warning;\\*.=err|^#\\*.=warning;\\*.=err"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=*.crit                           /var/log/warn) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "*.crit                           /var/log/warn", "regexp": "^\\*.crit|^#\\*.crit"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=*.*;mail.none;news.none         -/var/log/messages) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "*.*;mail.none;news.none         -/var/log/messages", "regexp": "^\\*.\\*;mail.none;news.none|^#\\*.\\*;mail.none;news.none"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=local0,local1.*                 -/var/log/localmessages) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "local0,local1.*                 -/var/log/localmessages", "regexp": "^local0,local1.\\*|^#local0,local1.\\*"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=local2,local3.*                 -/var/log/localmessages) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "local2,local3.*                 -/var/log/localmessages", "regexp": "^local2,local3.\\*|^#local2,local3.\\*"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=local4,local5.*                 -/var/log/localmessages) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "local4,local5.*                 -/var/log/localmessages", "regexp": "^local4,local5.\\*|^#local4,local5.\\*"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}
failed: [localhost] (item=local6,local7.*                 -/var/log/localmessages) => {"ansible_loop_var": "item", "changed": false, "item": {"insertafter": "^# First some standard log files", "line": "local6,local7.*                 -/var/log/localmessages", "regexp": "^local6,local7.\\*|^#local6,local7.\\*"}, "msg": "Destination /etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/ansible/roles/UBUNTU20-CIS/tasks/section_4/cis_4.2.1.x.yml\n/etc/rsyslog.d/50-default.conf does not exist !", "rc": 257}

Expected Behavior
Run without errors

Actual Behavior
A clear and concise description of what's happening.

Control(s) Affected
4.2.1.3

Environment (please complete the following information):

ansible --version
ansible [core 2.13.11]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /root/.local/pipx/venvs/ansible/lib/python3.8/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /root/.local/bin/ansible
  python version = 3.8.10 (default, May 26 2023, 14:05:08) [GCC 9.4.0]
  jinja version = 3.1.2
  libyaml = True

Additional Notes
Playbook:

- hosts: localhost
  any_errors_fatal: true
  tasks:
    - name: Install git
      become: true
      ansible.builtin.package:
        name: git
        state: present

    - name: UBUNTU20-CIS
      become: true
      ansible.builtin.git:
        repo: 'https://github.com/ansible-lockdown/UBUNTU20-CIS'
        dest: /etc/ansible/roles/UBUNTU20-CIS
        version: devel

    - name: Include the hardening role
      ansible.builtin.include_role:
        name: UBUNTU20-CIS
@Acenl12 Acenl12 added the bug Something isn't working label Sep 10, 2023
@uk-bolly uk-bolly mentioned this issue Sep 11, 2023
Merged
@uk-bolly uk-bolly self-assigned this Sep 19, 2023
@uk-bolly
Copy link
Member

uk-bolly commented Sep 19, 2023
edited
Loading

hi @Acenl12

Many thanks for raising this issue. Apologies, i think i have linked to this a release. althoughi dont believe this is resolved as yet.
I believe you are working off an older branch as CIS has renumbered many items?

I will work on this today and aim to get a solution in devel asap.

many thanks

uk-bolly

This was referenced Sep 19, 2023
Merged
Merged
uk-bolly added a commit that referenced this issue Sep 19, 2023
@uk-bolly
Merge pull request #95 from ansible-lockdown/issue_#90
7321713 
Issue #90
@Acenl12
Copy link
Author

Acenl12 commented Sep 20, 2023

hi @Acenl12

Many thanks for raising this issue. Apologies, i think i have linked to this a release. althoughi dont believe this is resolved as yet. I believe you are working off an older branch as CIS has renumbered many items?

I will work on this today and aim to get a solution in devel asap.

many thanks

uk-bolly

Hi,

No Im using your devel branch as defined in my playbook

    repo: 'https://github.com/ansible-lockdown/UBUNTU20-CIS'
    dest: /etc/ansible/roles/UBUNTU20-CIS
    version: devel

@Acenl12
Copy link
Author

Acenl12 commented Sep 22, 2023

Seems to be fixed. Closing this issue now

@Acenl12 Acenl12 closed this as completed Sep 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@uk-bolly uk-bolly

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Acenl12 @uk-bolly