
Ansible remediation doesn't respect platform_package_overrides (network-manager package name)

Open ghost opened this issue 2 years ago • 2 comments

Description of problem:

I'm using the ansible generated plays from scap-security-guide-0.1.69/ansible/ubuntu2204-playbook-cis_level1_server.yml

Specifically, these lines:

...
    - name: Ensure NetworkManager is installed
      ansible.builtin.package:
        name: '{{ item }}'
        state: present
      with_items:
      - NetworkManager
...

SCAP Security Guide Version:

0.1.69

Operating System Version:

Ubuntu 22.04

Steps to Reproduce:

  1. Download the release
  2. Extract it
  3. Run ansible-playbook -i "localhost," -c local ubuntu2204-playbook-cis_level1_server.yml -bK

Actual Results:

TASK [Ensure NetworkManager is installed] ***********************************************************************************************************************************
failed: [localhost] (item=NetworkManager) => {"ansible_loop_var": "item", "changed": false, "item": "NetworkManager", "msg": "No package matching 'NetworkManager' is available"}

Expected Results:

The tasks should succeed

Additional Information/Debugging Steps:

I see the override at https://github.com/ComplianceAsCode/content/blob/d47677ea88d64fc6bfaaccfe4b3c9911cc4772a7/products/ubuntu2204/product.yml#L41, but I can't quite tell how it gets used when generating Ansible plays.

Could someone point me to where I should start looking to implement a fix? I'd like to contribute back a fix for this, and any new issues I encounter.

ghost avatar Sep 20 '23 16:09 ghost

Thanks for reporting this and the initial investigation @benhosmereop. This issue is in the wireless_disable_interfaces rule, more specifically here: https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/ansible/shared.yml#L12

This Ansible remediation should be updated to use the property you mentioned. FYI @dodys

marcusburghardt avatar Sep 21 '23 11:09 marcusburghardt

Thanks @marcusburghardt and @dodys for your previous help. I welcome feedback here but this seems like it fixes the issue.

ghost avatar Sep 21 '23 13:09 ghost

I'm closing this issue as this doesn't relate to Ubuntu anymore.

dodys avatar Apr 26 '24 15:04 dodys