RHEL6-STIG icon indicating copy to clipboard operation
RHEL6-STIG copied to clipboard

Published 20 hours ago verified publisher icon ansible-lockdown

LOW | V-38567 | PATCH not idempotent

Open shepdelacreme opened this issue 6 years ago • 1 comments

I noticed that sometimes on a subsequent run of this task it is not idempotent. It trigger a changed result because /usr/bin/screen showed up in the list of setuid/gid programs that needed to be audited.

The only thing I can figure is that the task that gathers the setuid/setgid program list is run in prelim.yml before any other tasks. Then there is a task in cat2.yml that runs and updates all out of date packages. i.e. V-38481. THEN in cat3.yml the setuid/gid list of programs is consumed.

I think moving the task out of prelim and putting it in a task block right before it needs to be consumed makes sense to fix this.

shepdelacreme avatar Sep 25 '17 16:09 shepdelacreme

Fixed by #114.

jamescassell avatar Apr 17 '18 21:04 jamescassell