RHEL8-CIS icon indicating copy to clipboard operation
RHEL8-CIS copied to clipboard

Published 20 hours ago verified publisher icon ansible-lockdown

Task "2.1.2 Ensure chrony is configured | modify /etc/sysconfig/chronyd" adds parameter on every execution

Open fgierlinger opened this issue 2 months ago • 1 comments

Describe the Issue The regex in the task "2.1.2 Ensure chrony is configured | modify /etc/sysconfig/chronyd" is supposed to add the parameter "-u chrony" and keep all other parameters. But the task is not idempotent. The "-u chrony" parameter is added for every execution.

https://github.com/ansible-lockdown/RHEL8-CIS/blob/7509256bf2ced8db3edf5f9b353a8b183068c527/tasks/section_2/cis_2.1.x.yml#L36-L52

After 3 executions the file /etc/sysconfig/chronyd has the following content:

OPTIONS="-u chrony -u chrony -u chrony"

Expected Behavior The task should be idempotent and only add "-u chrony" if not already specified.

Actual Behavior The task reports a change on every execution and adds "-u chrony" at every execution.

Control(s) Affected Task 2.1.2 v8 8.4 Standardize Time Synchonization v7 6.1 Utilize Three Synchronized Time Sources

Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: 2.16.7
  • Host Python Version: Python 3.11.5
  • Ansible Server Python Version: Python 3.11.5

Additional Notes

Possible Solution

fgierlinger avatar Jun 05 '24 09:06 fgierlinger